
refactoring updates

xcad 4 ماه پیش
والد
کامیت
54f648fd59
72فایلهای تغییر یافته به همراه2010 افزوده شده و 1505 حذف شده
  1. 9 0
      cli/core/display/__init__.py
  2. 4 0
      cli/core/module/base_commands.py
  3. 4 3
      cli/core/schema/ansible/v1.0.json
  4. 14 0
      cli/core/schema/compose/v1.2.json
  5. 190 2
      cli/core/schema/helm/v1.0.json
  6. 236 3
      cli/core/schema/kubernetes/v1.0.json
  7. 4 5
      cli/core/template/variable_collection.py
  8. 7 16
      library/ansible/checkmk-install-agent/playbook.yaml.j2
  9. 30 32
      library/ansible/checkmk-install-agent/template.yaml
  10. 16 0
      library/ansible/checkmk-manage-host/playbook.yaml.j2
  11. 65 0
      library/ansible/checkmk-manage-host/template.yaml
  12. 0 29
      library/ansible/checkmk-manage-hosts/playbook.yaml.j2
  13. 0 73
      library/ansible/checkmk-manage-hosts/template.yaml
  14. 1 0
      library/ansible/docker-certs-enable/template.yaml
  15. 1 0
      library/ansible/docker-certs/template.yaml
  16. 1 0
      library/ansible/docker-install-ubuntu/template.yaml
  17. 1 0
      library/ansible/docker-prune/template.yaml
  18. 1 0
      library/ansible/ubuntu-add-sshkey/template.yaml
  19. 1 0
      library/ansible/ubuntu-apt-update/template.yaml
  20. 1 0
      library/ansible/ubuntu-vm-core/template.yaml
  21. 2 1
      library/compose/adguardhome/template.yaml
  22. 2 8
      library/compose/alloy/compose.yaml.j2
  23. 10 0
      library/compose/alloy/config/config.alloy.j2
  24. 31 46
      library/compose/alloy/template.yaml
  25. 16 0
      library/compose/authentik/compose.yaml.j2
  26. 2 8
      library/compose/gitlab-runner/template.yaml
  27. 2 3
      library/compose/grafana/compose.yaml.j2
  28. 7 1
      library/compose/grafana/template.yaml
  29. 10 16
      library/compose/homeassistant/template.yaml
  30. 0 6
      library/compose/loki/compose.yaml.j2
  31. 1 1
      library/compose/loki/config/config.yaml.j2
  32. 2 2
      library/compose/loki/template.yaml
  33. 0 0
      library/compose/nextcloud/.env.j2
  34. 0 169
      library/compose/nextcloud/compose.yaml.j2.bak3
  35. 0 142
      library/compose/nextcloud/compose.yaml.j2.final
  36. 0 124
      library/compose/nextcloud/compose.yaml.j2.portfix
  37. 23 151
      library/compose/prometheus/compose.yaml.j2
  38. 0 163
      library/compose/prometheus/compose.yaml.j2.final
  39. 0 157
      library/compose/prometheus/compose.yaml.j2.portfix
  40. 10 46
      library/compose/prometheus/template.yaml
  41. 0 110
      library/compose/prometheus/template.yaml.backup
  42. 58 23
      library/compose/traefik/compose.yaml.j2
  43. 0 136
      library/compose/traefik/config/traefik.yaml.j2
  44. 0 9
      library/compose/traefik/template.yaml
  45. 4 0
      library/helm/authentik/template.yaml
  46. 1 1
      library/helm/certmanager/template.yaml
  47. 1 1
      library/helm/longhorn/template.yaml
  48. 3 2
      library/helm/netbox/template.yaml
  49. 1 0
      library/helm/portainer/template.yaml
  50. 2 0
      library/helm/portainer/values.yaml.j2
  51. 1 1
      library/helm/traefik/template.yaml
  52. 14 1
      library/kubernetes/certmanager-certificate/template.yaml
  53. 2 0
      library/kubernetes/certmanager-issuer/template.yaml
  54. 2 0
      library/kubernetes/core-configmap/template.yaml
  55. 2 0
      library/kubernetes/core-ingress/template.yaml
  56. 2 0
      library/kubernetes/core-persistentvolumeclaim/template.yaml
  57. 2 0
      library/kubernetes/core-secret/template.yaml
  58. 2 0
      library/kubernetes/core-service/template.yaml
  59. 2 0
      library/kubernetes/core-serviceaccount/template.yaml
  60. 17 0
      library/kubernetes/traefik-ingressroute/template.yaml
  61. 2 0
      library/kubernetes/traefik-ingressroutetcp/template.yaml
  62. 4 0
      library/kubernetes/traefik-middleware/template.yaml
  63. 11 14
      library/kubernetes/twingate-connector/template.yaml
  64. 14 0
      library/schemas/ansible/v1.0.json
  65. 229 0
      library/schemas/compose/v1.0.json
  66. 312 0
      library/schemas/compose/v1.1.json
  67. 512 0
      library/schemas/compose/v1.2.json
  68. 14 0
      library/schemas/helm/v1.0.json
  69. 14 0
      library/schemas/kubernetes/v1.0.json
  70. 14 0
      library/schemas/packer/v1.0.json
  71. 28 0
      library/schemas/script/v1.0.json
  72. 36 0
      library/schemas/terraform/v1.0.json

+ 9 - 0
cli/core/display/__init__.py

@@ -126,6 +126,15 @@ class DisplayManager:
         """Display a data table with configurable columns."""
         return self.tables.data_table(columns, rows, title, row_formatter)
 
+    def display_status_table(
+        self,
+        title: str,
+        rows: list[tuple[str, str, bool]],
+        columns: tuple[str, str] = ("Item", "Status"),
+    ) -> None:
+        """Display a status table with success/error indicators."""
+        return self.tables.render_status_table(title, rows, columns)
+
     # ===== Delegate to status display =====
     def error(self, message: str, context: str | None = None, details: str | None = None) -> None:
         """Display an error message."""
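Review bot: `display_status_table` is annotated `-> None` yet returns the value of `self.tables.render_status_table(...)`; either drop the `return` (`self.tables.render_status_table(title, rows, columns)`) or annotate the real return type. The neighbouring `display_data_table` passes a value through on purpose, so the mismatch here looks like a copied pattern rather than intent. The enclosing class continues outside the hunk.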

+ 4 - 0
cli/core/module/base_commands.py

@@ -106,6 +106,10 @@ def list_templates(module_instance, raw: bool = False) -> list:
             )
     else:
         logger.info(f"No templates found for module '{module_instance.name}'")
+        module_instance.display.info(
+            f"No templates found for module '{module_instance.name}'",
+            context="Use 'bp repo update' to update libraries or check library configuration",
+        )
 
     return filtered_templates
 

+ 4 - 3
cli/core/schema/ansible/v1.0.json

@@ -5,9 +5,10 @@
     "required": true,
     "vars": [
       {
-        "name": "playbook_name",
-        "description": "Ansible playbook name",
-        "type": "str"
+        "name": "target_hosts",
+        "description": "Target hosts",
+        "type": "str",
+        "required": true
       }
     ]
   }

+ 14 - 0
cli/core/schema/compose/v1.2.json

@@ -506,6 +506,20 @@
         "default": "authentik-middleware@file",
         "needs": ["traefik_enabled=true"],
         "required": true
+      },
+      {
+        "name": "authentik_client_id",
+        "description": "Authentik OAuth2 client ID",
+        "type": "str",
+        "sensitive": true,
+        "required": true
+      },
+      {
+        "name": "authentik_client_secret",
+        "description": "Authentik OAuth2 client secret",
+        "type": "str",
+        "sensitive": true,
+        "required": true
       }
     ]
   }
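Review bot: `authentik_client_id` and `authentik_client_secret` are `"required": true` with no `needs` condition, so unless the enclosing section's toggle (not visible in this hunk) suppresses them, a template that leaves Authentik disabled will still be prompted for an OAuth2 client secret. The sibling entry just above gates itself with `"needs": ["traefik_enabled=true"]`; an equivalent `"needs": ["authentik_enabled=true"]` on both new entries would make the requirement conditional. Marking the client ID `sensitive` is harmless, but in OAuth2 only the client secret is actually confidential.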

+ 190 - 2
cli/core/schema/helm/v1.0.json

@@ -5,10 +5,198 @@
     "required": true,
     "vars": [
       {
-        "name": "playbook_name",
-        "description": "Ansible playbook name",
+        "name": "release_name",
+        "description": "Helm release name",
+        "type": "str",
+        "required": true
+      },
+      {
+        "name": "namespace",
+        "description": "Kubernetes namespace",
         "type": "str"
       }
     ]
+  },
+  {
+    "key": "networking",
+    "title": "Networking",
+    "vars": [
+      {
+        "name": "network_mode",
+        "description": "Kubernetes service type",
+        "type": "enum",
+        "options": ["ClusterIP", "NodePort", "LoadBalancer"],
+        "default": "ClusterIP"
+      }
+    ]
+  },
+  {
+    "key": "database",
+    "title": "Database Configuration",
+    "toggle": "database_enabled",
+    "vars": [
+      {
+        "name": "database_enabled",
+        "description": "Enable external database configuration",
+        "type": "bool",
+        "default": false
+      },
+      {
+        "name": "database_type",
+        "description": "Database type",
+        "type": "enum",
+        "options": ["postgres", "mysql", "mariadb"],
+        "default": "postgres"
+      },
+      {
+        "name": "database_host",
+        "description": "Database hostname",
+        "type": "hostname"
+      },
+      {
+        "name": "database_port",
+        "description": "Database port",
+        "type": "int",
+        "default": 5432
+      },
+      {
+        "name": "database_name",
+        "description": "Database name",
+        "type": "str"
+      },
+      {
+        "name": "database_user",
+        "description": "Database username",
+        "type": "str"
+      },
+      {
+        "name": "database_password",
+        "description": "Database password",
+        "type": "str",
+        "sensitive": true
+      }
+    ]
+  },
+  {
+    "key": "email",
+    "title": "Email Configuration",
+    "toggle": "email_enabled",
+    "vars": [
+      {
+        "name": "email_enabled",
+        "description": "Enable email configuration",
+        "type": "bool",
+        "default": false
+      },
+      {
+        "name": "email_host",
+        "description": "SMTP server hostname",
+        "type": "hostname"
+      },
+      {
+        "name": "email_port",
+        "description": "SMTP server port",
+        "type": "int",
+        "default": 587
+      },
+      {
+        "name": "email_username",
+        "description": "SMTP username",
+        "type": "str"
+      },
+      {
+        "name": "email_password",
+        "description": "SMTP password",
+        "type": "str",
+        "sensitive": true
+      },
+      {
+        "name": "email_from",
+        "description": "From email address",
+        "type": "email"
+      },
+      {
+        "name": "email_use_tls",
+        "description": "Use TLS encryption",
+        "type": "bool",
+        "default": true
+      },
+      {
+        "name": "email_use_ssl",
+        "description": "Use SSL encryption",
+        "type": "bool",
+        "default": false
+      }
+    ]
+  },
+  {
+    "key": "traefik",
+    "title": "Traefik Ingress",
+    "toggle": "traefik_enabled",
+    "vars": [
+      {
+        "name": "traefik_enabled",
+        "description": "Enable Traefik ingress",
+        "type": "bool",
+        "default": false
+      },
+      {
+        "name": "traefik_host",
+        "description": "Ingress hostname (FQDN)",
+        "type": "hostname"
+      }
+    ]
+  },
+  {
+    "key": "traefik_tls",
+    "title": "Traefik TLS/SSL",
+    "needs": "traefik",
+    "toggle": "traefik_tls_enabled",
+    "vars": [
+      {
+        "name": "traefik_tls_enabled",
+        "description": "Enable TLS for ingress",
+        "type": "bool",
+        "default": true
+      },
+      {
+        "name": "traefik_tls_certmanager",
+        "description": "Use cert-manager for TLS certificates",
+        "type": "bool",
+        "default": false
+      },
+      {
+        "name": "certmanager_issuer",
+        "description": "Cert-manager cluster issuer name",
+        "type": "str",
+        "needs": "traefik_tls_certmanager=true",
+        "default": "letsencrypt-prod"
+      },
+      {
+        "name": "traefik_tls_secret",
+        "description": "TLS secret name",
+        "type": "str"
+      }
+    ]
+  },
+  {
+    "key": "volumes",
+    "title": "Persistent Volumes",
+    "vars": [
+      {
+        "name": "volumes_mode",
+        "description": "Volume configuration mode",
+        "type": "enum",
+        "options": ["dynamic-pvc", "existing-pvc"],
+        "default": "dynamic-pvc",
+        "extra": "dynamic-pvc=auto-provision storage, existing-pvc=use existing PVC"
+      },
+      {
+        "name": "volumes_pvc_name",
+        "description": "Existing PVC name",
+        "type": "str",
+        "needs": "volumes_mode=existing-pvc"
+      }
+    ]
   }
 ]
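Review bot: `email_use_tls` (default true) and `email_use_ssl` (default false) are two independent booleans with nothing preventing both from being true, and the Kubernetes schema in this same commit models the same choice as one `email_encryption` enum (`none`/`starttls`/`ssl`); pick one representation so templates can share variables. In the `traefik_tls` section `traefik_tls_secret` has no `needs`, so it is offered next to `certmanager_issuer` even when cert-manager is selected; `"needs": "traefik_tls_certmanager=false"` would make the two paths exclusive. `database_password` is `sensitive` but not `required`, unlike the Kubernetes schema; if a password is mandatory once the toggle is on, add `"required": true`.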

+ 236 - 3
cli/core/schema/kubernetes/v1.0.json

@@ -5,9 +5,242 @@
     "required": true,
     "vars": [
       {
-        "name": "playbook_name",
-        "description": "Ansible playbook name",
-        "type": "str"
+        "name": "resource_name",
+        "description": "Kubernetes resource name",
+        "type": "str",
+        "required": true
+      },
+      {
+        "name": "namespace",
+        "description": "Kubernetes namespace",
+        "type": "str",
+        "default": "default",
+        "required": true
+      }
+    ]
+  },
+  {
+    "key": "resources",
+    "title": "Resource Limits",
+    "toggle": "resources_enabled",
+    "description": "Set CPU and memory limits for the resource.",
+    "vars": [
+      {
+        "name": "resources_enabled",
+        "description": "Enable resource limits",
+        "type": "bool",
+        "default": false
+      },
+      {
+        "name": "resources_cpu_limit",
+        "description": "Maximum CPU cores (e.g., 100m, 500m, 1, 2)",
+        "type": "str",
+        "default": "1",
+        "required": true
+      },
+      {
+        "name": "resources_cpu_request",
+        "description": "Requested CPU cores",
+        "type": "str",
+        "default": "250m",
+        "required": true
+      },
+      {
+        "name": "resources_memory_limit",
+        "description": "Maximum memory (e.g., 512Mi, 1Gi, 2Gi)",
+        "type": "str",
+        "default": "1Gi",
+        "required": true
+      },
+      {
+        "name": "resources_memory_request",
+        "description": "Requested memory",
+        "type": "str",
+        "default": "512Mi",
+        "required": true
+      }
+    ]
+  },
+  {
+    "key": "traefik",
+    "title": "Traefik",
+    "toggle": "traefik_enabled",
+    "description": "Traefik routes external traffic to your service.",
+    "vars": [
+      {
+        "name": "traefik_enabled",
+        "description": "Enable Traefik ingress configuration",
+        "type": "bool",
+        "default": false
+      },
+      {
+        "name": "traefik_host",
+        "description": "Service subdomain or full hostname (e.g., 'app' or 'app.example.com')",
+        "type": "str",
+        "required": true
+      },
+      {
+        "name": "traefik_domain",
+        "description": "Base domain (e.g., example.com)",
+        "type": "str",
+        "default": "home.arpa",
+        "required": true
+      }
+    ]
+  },
+  {
+    "key": "traefik_tls",
+    "title": "Traefik TLS/SSL",
+    "toggle": "traefik_tls_enabled",
+    "needs": ["traefik"],
+    "description": "Enable HTTPS/TLS for Traefik with certificate management.",
+    "vars": [
+      {
+        "name": "traefik_tls_enabled",
+        "description": "Enable HTTPS/TLS",
+        "type": "bool",
+        "default": true
+      },
+      {
+        "name": "traefik_tls_certresolver",
+        "description": "Traefik certificate resolver name",
+        "type": "str",
+        "default": "cloudflare",
+        "required": true
+      }
+    ]
+  },
+  {
+    "key": "database",
+    "title": "Database",
+    "toggle": "database_enabled",
+    "description": "Connect to external database (PostgreSQL or MySQL)",
+    "vars": [
+      {
+        "name": "database_enabled",
+        "description": "Enable external database integration",
+        "type": "bool",
+        "default": false
+      },
+      {
+        "name": "database_type",
+        "description": "Database type",
+        "type": "enum",
+        "options": ["sqlite", "postgres", "mysql", "mariadb"],
+        "default": "postgres",
+        "required": true
+      },
+      {
+        "name": "database_host",
+        "description": "Database host",
+        "type": "str",
+        "default": "database",
+        "required": true
+      },
+      {
+        "name": "database_port",
+        "description": "Database port",
+        "type": "int",
+        "required": true
+      },
+      {
+        "name": "database_name",
+        "description": "Database name",
+        "type": "str",
+        "required": true
+      },
+      {
+        "name": "database_user",
+        "description": "Database user",
+        "type": "str",
+        "required": true
+      },
+      {
+        "name": "database_password",
+        "description": "Database password",
+        "type": "str",
+        "default": "",
+        "sensitive": true,
+        "autogenerated": true,
+        "required": true
+      }
+    ]
+  },
+  {
+    "key": "email",
+    "title": "Email Server",
+    "toggle": "email_enabled",
+    "description": "Configure email server for notifications and user management.",
+    "vars": [
+      {
+        "name": "email_enabled",
+        "description": "Enable email server configuration",
+        "type": "bool",
+        "default": false
+      },
+      {
+        "name": "email_host",
+        "description": "SMTP server hostname",
+        "type": "str",
+        "required": true
+      },
+      {
+        "name": "email_port",
+        "description": "SMTP server port",
+        "type": "int",
+        "default": 25,
+        "required": true
+      },
+      {
+        "name": "email_username",
+        "description": "SMTP username",
+        "type": "str",
+        "required": true
+      },
+      {
+        "name": "email_password",
+        "description": "SMTP password",
+        "type": "str",
+        "sensitive": true,
+        "required": true
+      },
+      {
+        "name": "email_from",
+        "description": "From email address",
+        "type": "str",
+        "required": true
+      },
+      {
+        "name": "email_encryption",
+        "description": "Email encryption method to use",
+        "type": "enum",
+        "options": ["none", "starttls", "ssl"]
+      }
+    ]
+  },
+  {
+    "key": "authentik",
+    "title": "Authentik SSO",
+    "toggle": "authentik_enabled",
+    "description": "Integrate with Authentik for Single Sign-On authentication.",
+    "vars": [
+      {
+        "name": "authentik_enabled",
+        "description": "Enable Authentik SSO integration",
+        "type": "bool",
+        "default": false
+      },
+      {
+        "name": "authentik_url",
+        "description": "Authentik base URL (e.g., https://auth.example.com)",
+        "type": "url",
+        "required": true
+      },
+      {
+        "name": "authentik_slug",
+        "description": "Authentik application slug",
+        "type": "str",
+        "required": true
       }
     ]
   }
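Review bot: the email section defaults `email_port` to 25 and gives `email_encryption` no default, so an operator who only fills in host and credentials ends up with SMTP credentials sent in clear over port 25 unless the consuming template assumes otherwise; the Helm schema in this commit defaults to 587 with TLS on, and `"default": 587` plus `"default": "starttls"` here would align the two. `database_password` combines `"default": ""`, `"required": true` and `"autogenerated": true`; if the required check accepts the empty default, a blank password can pass validation, so confirm how the loader orders those. `database_type` lists `sqlite`, which has no host, port or user, while every other field in the section is `required: true`.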

+ 4 - 5
cli/core/template/variable_collection.py

@@ -390,14 +390,13 @@ class VariableCollection:
         """
         variable = self._variable_map.get(var_name)
         if not variable:
-            # Variable doesn't exist (filtered out because its section isn't used)
-            # For negative checks (!=), assume satisfied since the variable isn't present
-            # For positive checks (=), assume not satisfied since we can't verify the value
+            # Variable doesn't exist - ignore the constraint and treat as satisfied
+            # This allows templates to override sections without breaking needs constraints
             logger.debug(
                 f"Need '{need_str}' references missing variable '{var_name}' - "
-                f"treating as satisfied={not is_positive} (negative check assumes true)"
+                f"ignoring constraint and treating as satisfied"
             )
-            return not is_positive
+            return True
 
         try:
             actual_value = variable.convert(variable.value)
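Review bot: the missing-variable case now fails open with `return True`, so a positive constraint such as `needs: traefik_tls_certmanager=true` is satisfied whenever the gating variable is absent, where the old code returned `not is_positive` (False for positive checks). A typo in a `needs` string, or a template that drops a gating variable, will now silently unlock the dependent variable instead of hiding it. If the intent is only to tolerate variables removed with an unused section, keep `return True` for that known case and make the other case visible, e.g. `logger.warning("Need '%s' references unknown variable '%s' - treating as satisfied", need_str, var_name)`. The enclosing method starts before this hunk.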

+ 7 - 16
library/ansible/checkmk-install-agent/playbook.yaml.j2

@@ -1,25 +1,16 @@
 ---
-- name: {{ playbook_name }}
+- name: Install Checkmk agent on all hosts
   hosts: {{ target_hosts }}
-{% if become %}
   become: true
-{% endif %}
-{% if options_enabled and not gather_facts %}
-  gather_facts: false
-{% endif %}
   roles:
     - checkmk.general.agent
   vars:
-    checkmk_agent_version: {{ checkmk_version }}
+    checkmk_agent_version: "2.4.0p15"
     checkmk_agent_server: {{ checkmk_server }}
     checkmk_agent_server_protocol: {{ checkmk_protocol }}
     checkmk_agent_site: {{ checkmk_site }}
-    checkmk_agent_auto_activate: {{ checkmk_auto_activate | lower }}
-    checkmk_agent_tls: "{{ checkmk_tls | lower }}"
-    checkmk_agent_user: {{ '{{' }} automation_user {{ '}}' }}
-    checkmk_agent_pass: {{ '{{' }} automation_secret {{ '}}' }}
-    checkmk_agent_host_name: {{ '{{' }} ansible_hostname {{ '}}' }}
-{% if secrets_enabled %}
-  vars_files:
-    - {{ secrets_file }}
-{% endif %}
+    checkmk_agent_auto_activate: {{ checkmk_auto_activate }}
+    checkmk_agent_tls: {{ checkmk_tls }}
+    checkmk_agent_user: {{ checkmk_user }}
+    checkmk_agent_pass: {{ checkmk_pass }}
+    checkmk_agent_host_name: {{ checkmk_host }}
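Review bot: every target in `hosts: {{ target_hosts }}` now registers with the same fixed `checkmk_agent_host_name: {{ checkmk_host }}`, where the removed line used the per-host `ansible_hostname` fact; with more than one host the later registrations overwrite the earlier ones. The automation secret is also rendered in clear into the playbook file (`checkmk_agent_pass: {{ checkmk_pass }}`) instead of being resolved at run time from a vars file, and none of the templated scalars are quoted, so a password containing `#`, `: ` or a leading `{` breaks the YAML. At minimum quote them (`checkmk_agent_pass: "{{ checkmk_pass }}"`) and restore `checkmk_agent_host_name: {{ '{{' }} ansible_hostname {{ '}}' }}`, or make `checkmk_host` an optional override with the fact as fallback.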

+ 30 - 32
library/ansible/checkmk-install-agent/template.yaml

@@ -4,9 +4,9 @@ metadata:
   name: Install Checkmk Agent
   description: |-
     Ansible playbook to install Checkmk monitoring agent on hosts. Uses the checkmk.general.agent role with automatic registration.
-
-    Project: https://checkmk.com
-    Documentation: https://docs.checkmk.com/
+    ## References
+    - **Project**: https://github.com/Checkmk/ansible-collection-checkmk.general
+    - **Documentation**: https://docs.checkmk.com/
   version: 2.4.0
   author: Christian Lempa
   date: "2025-11-11"
@@ -20,43 +20,41 @@ schema: "1.0"
 spec:
   checkmk:
     title: Checkmk Configuration
-    required: true
     vars:
-      checkmk_auto_activate:
-        description: Auto-activate changes
-        type: bool
-        default: true
+      checkmk_server:
+        type: str
+        description: Checkmk Server
+        required: true
       checkmk_protocol:
-        description: Server protocol
-        type: enum
+        type: str
+        description: Checkmk Server Protocol
+        enum:
+          - http
+          - https
         default: https
-        options: [https, http]
-      checkmk_server:
-        description: Checkmk server hostname
-        type: hostname
-        default: checkmk.home.arpa
+        required: true
       checkmk_site:
-        description: Checkmk site name
         type: str
+        description: Checkmk Site
         default: cmk
+        required: true
+      checkmk_auto_activate:
+        type: bool
+        description: Auto Activate Agent
       checkmk_tls:
-        description: Enable TLS for agent
         type: bool
-        default: true
-      checkmk_version:
-        description: Checkmk agent version
+        description: Use TLS for Agent Communication
+      checkmk_user:
         type: str
-        default: 2.4.0p4
-  general:
-    vars:
-      become:
+        description: Checkmk Automation User
+        required: true
+      checkmk_pass:
         type: str
-        default: false
-      playbook_name:
-        default: Install Checkmk agent on all hosts
-  secrets:
-    title: secrets
-    vars:
-      secrets_enabled:
+        description: Checkmk Automation User Password
+        required: true
+        sensitive: true
+      checkmk_host:
         type: str
-        default: true
+        description: Checkmk Host Name
+        required: true
+  
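Review bot: `checkmk_tls` and `checkmk_auto_activate` lose their `default: true`, so a user who leaves them unset renders `checkmk_agent_tls:` with an empty value and agent TLS is no longer on by default; restore `default: true` on `checkmk_tls` so the secure setting stays opt-out. `checkmk_protocol` is declared as `type: str` with an `enum:` list, whereas the removed lines and the schema JSON in this commit use `type: enum` with `options:`; unless the loader accepts both spellings the restriction is silently ignored. The last added line of the file is whitespace only.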

+ 16 - 0
library/ansible/checkmk-manage-host/playbook.yaml.j2

@@ -0,0 +1,16 @@
+---
+- name: Manage Checkmk host
+  hosts: localhost
+  gather_facts: false
+  tasks:
+    - name: "Create or update host in Checkmk"
+      checkmk.general.host:
+        server_url: "{{ checkmk_protocol }}://{{ checkmk_server }}"
+        site: {{ checkmk_site }}
+        automation_user: {{ checkmk_user }}
+        automation_secret: {{ checkmk_pass }}
+        name: {{ host_name }}
+        attributes:
+          ipaddress: {{ host_ip }}
+        folder: {{ host_folder }}
+        state: "present"
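Review bot: `automation_secret: {{ checkmk_pass }}` writes the Checkmk automation secret unquoted into the rendered playbook; besides the secret landing on disk in clear, any value with YAML-significant characters (`#`, `: `, a leading `{` or `[`) makes the file unparsable. Quoting the templated scalars — `automation_secret: "{{ checkmk_pass }}"`, `name: "{{ host_name }}"`, `folder: "{{ host_folder }}"` — costs nothing, and `server_url` already uses that form. Certificate validation for the API call is not set here, so it falls to whatever the module defaults to.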

+ 65 - 0
library/ansible/checkmk-manage-host/template.yaml

@@ -0,0 +1,65 @@
+---
+kind: ansible
+metadata:
+  name: Manage Checkmk Host
+  description: |-
+    Ansible playbook to manage hosts in Checkmk monitoring. Uses the checkmk.general.host module to create or update host configuration.
+    ## References
+    - **Project**: https://github.com/Checkmk/ansible-collection-checkmk.general
+    - **Documentation**: https://docs.checkmk.com/
+  version: 2.4.0
+  author: Christian Lempa
+  date: "2025-11-11"
+  tags: []
+  icon:
+    provider: selfh
+    id: checkmk
+  draft: false
+  next_steps: ""
+schema: "1.0"
+spec:
+  checkmk:
+    title: Checkmk Configuration
+    vars:
+      checkmk_server:
+        type: str
+        description: Checkmk Server
+        required: true
+      checkmk_protocol:
+        type: str
+        description: Checkmk Server Protocol
+        enum:
+          - http
+          - https
+        default: https
+        required: true
+      checkmk_site:
+        type: str
+        description: Checkmk Site
+        default: cmk
+        required: true
+      checkmk_user:
+        type: str
+        description: Checkmk Automation User
+        required: true
+      checkmk_pass:
+        type: str
+        description: Checkmk Automation User Password
+        required: true
+        sensitive: true
+  host:
+    title: Host Configuration
+    vars:
+      host_name:
+        type: str
+        description: Hostname to add to Checkmk
+        required: true
+      host_ip:
+        type: str
+        description: IP address of the host
+        required: true
+      host_folder:
+        type: str
+        description: Folder path in Checkmk
+        default: /
+        required: true
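Review bot: `host_ip` is a bare `type: str` with no format constraint, while the schema files in this commit already use richer types such as `hostname`, `url` and `email`; if an address type exists in the loader, using it here would reject a placeholder like `host-ip-address` at prompt time instead of at Checkmk. `checkmk_protocol` again uses `type: str` plus an `enum:` list rather than the `type: enum`/`options:` form the schema JSON uses.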

+ 0 - 29
library/ansible/checkmk-manage-hosts/playbook.yaml.j2

@@ -1,29 +0,0 @@
----
-- name: {{ playbook_name }}
-  hosts: {{ target_hosts }}
-{% if become %}
-  become: true
-{% endif %}
-{% if options_enabled and not gather_facts %}
-  gather_facts: false
-{% endif %}
-{% if secrets_enabled %}
-  vars_files:
-    - {{ secrets_file }}
-{% endif %}
-  vars:
-    server_url: {{ checkmk_server_url }}
-    site: {{ checkmk_site }}
-
-  tasks:
-    - name: "Create host"
-      checkmk.general.host:
-        server_url: {{ '{{' }} server_url {{ '}}' }}
-        site: {{ '{{' }} site {{ '}}' }}
-        automation_user: {{ '{{' }} automation_user {{ '}}' }}
-        automation_secret: {{ '{{' }} automation_secret {{ '}}' }}
-        name: {{ host_name }}
-        attributes:
-          ipaddress: {{ host_ip }}
-        folder: {{ host_folder }}
-        state: "present"

+ 0 - 73
library/ansible/checkmk-manage-hosts/template.yaml

@@ -1,73 +0,0 @@
----
-kind: ansible
-metadata:
-  name: Manage Checkmk Hosts
-  description: |-
-    Ansible playbook to manage hosts in Checkmk monitoring. Create or update host configuration in Checkmk.
-
-    Project: https://checkmk.com
-    Documentation: https://docs.checkmk.com/
-  version: 2.4.0
-  author: Christian Lempa
-  date: "2025-11-11"
-  tags: []
-  icon:
-    provider: selfh
-    id: checkmk
-  draft: false
-  next_steps: ""
-schema: "1.0"
-spec:
-  checkmk:
-    title: Checkmk Configuration
-    required: true
-    vars:
-      checkmk_server_url:
-        description: Checkmk server URL
-        type: hostname
-        default: checkmk.home.arpa
-      checkmk_site:
-        description: Checkmk site name
-        type: str
-        default: cmk
-  general:
-    vars:
-      become:
-        type: str
-        default: false
-      playbook_name:
-        default: Manage Checkmk hosts
-      target_hosts:
-        type: str
-        default: localhost
-  host:
-    title: Host Configuration
-    required: true
-    vars:
-      host_folder:
-        description: Folder path in Checkmk
-        type: str
-        default: /
-      host_ip:
-        description: IP address of the host
-        type: str
-        default: host-ip-address
-      host_name:
-        description: Hostname to add to Checkmk
-        type: str
-        default: your-host-name
-  options:
-    title: options
-    vars:
-      gather_facts:
-        type: str
-        default: false
-      options_enabled:
-        type: str
-        default: true
-  secrets:
-    title: secrets
-    vars:
-      secrets_enabled:
-        type: str
-        default: true

+ 1 - 0
library/ansible/docker-certs-enable/template.yaml

@@ -17,6 +17,7 @@ metadata:
   version: 1.0.0
   author: Christian Lempa
   date: '2025-11-11'
+  draft: true
 spec:
   general:
     vars:

+ 1 - 0
library/ansible/docker-certs/template.yaml

@@ -17,6 +17,7 @@ metadata:
   version: 1.0.0
   author: Christian Lempa
   date: '2025-11-11'
+  draft: true
 spec:
   general:
     vars:

+ 1 - 0
library/ansible/docker-install-ubuntu/template.yaml

@@ -17,6 +17,7 @@ metadata:
   version: 27.5.1
   author: Christian Lempa
   date: '2025-11-11'
+  draft: true
 spec:
   general:
     vars:

+ 1 - 0
library/ansible/docker-prune/template.yaml

@@ -17,6 +17,7 @@ metadata:
   version: 1.0.0
   author: Christian Lempa
   date: '2025-11-11'
+  draft: true
 spec:
   general:
     vars:

+ 1 - 0
library/ansible/ubuntu-add-sshkey/template.yaml

@@ -17,6 +17,7 @@ metadata:
   version: 1.0.0
   author: Christian Lempa
   date: '2025-11-11'
+  draft: true
 spec:
   general:
     vars:

+ 1 - 0
library/ansible/ubuntu-apt-update/template.yaml

@@ -17,6 +17,7 @@ metadata:
   version: 1.0.0
   author: Christian Lempa
   date: '2025-11-11'
+  draft: true
 spec:
   general:
     vars:

+ 1 - 0
library/ansible/ubuntu-vm-core/template.yaml

@@ -17,6 +17,7 @@ metadata:
   version: 1.0.0
   author: Christian Lempa
   date: '2025-11-11'
+  draft: true
 spec:
   general:
     vars:

+ 2 - 1
library/compose/adguardhome/template.yaml

@@ -28,7 +28,8 @@ metadata:
     - network
     - volume
   next_steps:
-schema: "1.2"
+  draft: true
+schema: 1.2
 spec:
   general:
     vars:
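Review bot: `schema: 1.2` without quotes is parsed by YAML as a float, whereas the removed line kept it a string; a loader comparing against `"1.2"` will see `1.2` instead, and a future `1.10` would collapse to `1.1`. Keep the quotes (`schema: "1.2"`) unless the loader is known to normalise numeric versions. The same unquoted form is introduced in the alloy template in this commit.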

+ 2 - 8
library/compose/alloy/compose.yaml.j2

@@ -1,17 +1,10 @@
 services:
   {{ service_name }}:
-    image: docker.io/grafana/alloy:{{ alloy_version }}
+    image: docker.io/grafana/alloy:v1.12.0
     restart: {{ restart_policy }}
     {% if container_hostname %}
     hostname: {{ container_hostname }}
     {% endif %}
-    {% if resources_enabled %}
-    deploy:
-      resources:
-        limits:
-          cpus: '1.0'
-          memory: 512M
-    {% endif %}
     {% if traefik_enabled %}
     networks:
       {{ traefik_network }}:
@@ -22,6 +15,7 @@ services:
     {% endif %}
     volumes:
       - {{ service_name }}_data:/alloy/data
+      - ./config.alloy:/etc/alloy/config.alloy:ro
       {% if logs_enabled or metrics_enabled %}
       - /:/rootfs:ro
       - /sys:/sys:ro
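Review bot: the image is pinned to `docker.io/grafana/alloy:v1.12.0` while the template metadata in this commit still says `version: v1.11.2`, so the displayed version no longer matches what is deployed; bump the metadata or keep `{{ alloy_version }}` with `v1.12.0` as its default. The `deploy.resources` limits block is removed outright, so if `resources_enabled` is still a schema variable it now has no effect and should either be removed from the schema or noted. Mounting `./config.alloy` read-only is fine; the pre-existing `/:/rootfs:ro` mount is unchanged here.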

+ 10 - 0
library/compose/alloy/config/config.alloy.j2

@@ -8,6 +8,16 @@
  * For more details, visit https://github.com/grafana/alloy-scenarios
  */
 
+// Disable internal traces that are trying to export to Tempo by default
+otelcol.exporter.otlp "tempo" {
+  client {
+    endpoint = "localhost:4317"
+    tls {
+      insecure = true
+    }
+  }
+}
+
 {% if logs_enabled or metrics_enabled %}
 // ============================================================================
 // REMOTE ENDPOINTS
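Review bot: the comment says this block disables trace export to Tempo, but the code declares an `otelcol.exporter.otlp "tempo"` component pointing at `localhost:4317` with `insecure = true`; it does not disable anything, and if no pipeline forwards to it the exporter is presumably dead configuration. The comment should describe what is actually there, e.g. `// Local OTLP sink for Alloy's internal traces; nothing is forwarded off-host.`, or the block should be dropped. `insecure = true` only means plaintext to localhost here, but the flag must not be carried over if the endpoint is ever pointed at a remote collector.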

+ 31 - 46
library/compose/alloy/template.yaml

@@ -1,92 +1,77 @@
 ---
 kind: compose
-schema: "1.2"
 metadata:
-  icon:
-    provider: selfh
-    id: alloy
   name: Grafana Alloy
-  description: |
+  description: |-
     Grafana Alloy is an open telemetry collector that collects, processes, and exports metrics to various backends.
-    
     ## Resources
     - **Project**: https://grafana.com/oss/alloy/
     - **Documentation**: https://grafana.com/docs/alloy/latest/
     - **GitHub**: https://github.com/grafana/alloy
   version: v1.11.2
   author: Christian Lempa
-  date: '2025-10-13'
+  date: "2025-10-13"
   tags:
     - traefik
+  icon:
+    provider: selfh
+    id: grafana
+  next_steps:
+schema: 1.2
 spec:
   general:
     vars:
       service_name:
         default: alloy
-      container_name:
-        default: alloy
-      alloy_version:
-        type: str
-        description: Grafana Alloy version to use
-        default: v1.11.2
-      restart_policy:
-        type: str
-        description: Restart policy for the container
-        default: unless-stopped
-  ports:
-    vars:
-      ports_webui:
-        type: int
-        description: Port for Alloy web UI
-        default: 12345
-  traefik:
-    required: false
-    vars:
-      traefik_enabled:
-        type: bool
-        default: false
-      traefik_host:
-        type: str
-        default: alloy.localhost
   logs:
     title: Log Collection
     toggle: logs_enabled
     vars:
-      logs_enabled:
+      logs_docker:
+        description: Enable Docker container log collection
         type: bool
+        default: true
+      logs_enabled:
         description: Enable log collection
+        type: bool
         default: false
       logs_loki_url:
-        type: url
         description: Loki endpoint URL for sending logs
+        type: url
         default: http://loki:3100/loki/api/v1/push
         required: true
-      logs_docker:
-        type: bool
-        description: Enable Docker container log collection
-        default: true
       logs_system:
-        type: bool
         description: Enable system and journalctl log collection
+        type: bool
         default: true
   metrics:
     title: Metrics Collection
     toggle: metrics_enabled
     vars:
-      metrics_enabled:
+      metrics_docker:
+        description: Enable Docker container metrics collection (cAdvisor)
         type: bool
+        default: true
+      metrics_enabled:
         description: Enable metrics collection
+        type: bool
         default: false
       metrics_prometheus_url:
-        type: url
         description: Prometheus remote write endpoint
+        type: url
         default: http://prometheus:9090/api/v1/write
         required: true
-      metrics_docker:
-        type: bool
-        description: Enable Docker container metrics collection (cAdvisor)
-        default: true
       metrics_system:
-        type: bool
         description: Enable system (node) metrics collection
+        type: bool
         default: true
+  ports:
+    vars:
+      ports_webui:
+        description: Port for Alloy web UI
+        type: int
+        default: 12345
+  traefik:
+    vars:
+      traefik_host:
+        default: alloy
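Review bot: With the `alloy_version` variable removed, `metadata.version: v1.11.2` no longer matches the image tag `v1.12.0` that the compose template in this commit hard-codes; bump it to `version: v1.12.0` so the catalogue entry reflects what is deployed. The defaults `http://loki:3100/loki/api/v1/push` and `http://prometheus:9090/api/v1/write` are plaintext and only resolve when Alloy shares a Docker network with those stacks, which the template does not state; a one-line note in the description would save users a silent failure. `restart_policy` and `traefik_enabled` are still referenced by the compose template but were dropped here, so presumably the schema now injects them globally — worth confirming.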

+ 16 - 0
library/compose/authentik/compose.yaml.j2

@@ -49,6 +49,22 @@ services:
       - traefik.http.routers.{{ service_name }}_http.service={{ service_name }}_web
       - traefik.http.routers.{{ service_name }}_http.rule=Host(`{{ traefik_host }}.{{ traefik_domain }}`)
       - traefik.http.routers.{{ service_name }}_http.entrypoints=web
+      - "traefik.http.middlewares.authentik.forwardauth.address=\
+        http://{{ service_name }}:9000/outpost.goauthentik.io/auth/traefik"
+      - "traefik.http.middlewares.authentik.forwardauth.trustForwardHeader=true"
+      - "traefik.http.middlewares.authentik.forwardauth.authResponseHeaders=\
+        X-authentik-username,\
+        X-authentik-groups,\
+        X-authentik-entitlements,\
+        X-authentik-email,\
+        X-authentik-name,\
+        X-authentik-uid,\
+        X-authentik-jwt,\
+        X-authentik-meta-jwks,\
+        X-authentik-meta-outpost,\
+        X-authentik-meta-provider,\
+        X-authentik-meta-app,\
+        X-authentik-meta-version"
       {% if traefik_tls_enabled %}
       - traefik.http.routers.{{ service_name }}_https.service={{ service_name }}_web
       - traefik.http.routers.{{ service_name }}_https.rule=Host(`{{ traefik_host }}.{{ traefik_domain }}`)
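Review bot: The forward-auth middleware is registered under the fixed name `authentik` rather than `{{ service_name }}`, so two deployments of this template on one Traefik instance would collide and every consumer has to know the literal name; consider `traefik.http.middlewares.{{ service_name }}.forwardauth.address=...` with the same prefix on the other two labels. `trustForwardHeader=true` makes the outpost trust `X-Forwarded-*` from Traefik, which is only safe if Traefik is the sole route to port 9000 and its entrypoints do not pass client-supplied forwarded headers through; that assumption deserves a comment above the labels. The `labels:` list these lines belong to starts outside the hunk.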

+ 2 - 8
library/compose/gitlab-runner/template.yaml

@@ -14,14 +14,8 @@ metadata:
   tags: []
   icon:
     provider: selfh
-    id: gitlab-runner
+    id: gitlab
   draft: false
   next_steps: ""
 schema: "1.2"
-spec:
-  general:
-    vars:
-      gitlab-runner_version:
-        description: Gitlab-Runner version
-        type: str
-        default: latest
+spec: {}

+ 2 - 3
library/compose/grafana/compose.yaml.j2

@@ -2,10 +2,8 @@ services:
   {{ service_name }}:
     image: docker.io/grafana/grafana-oss:12.1.1
     restart: {{ restart_policy }}
+    {% if database_type == 'postgres' or authentik_enabled%}
     environment:
-      - TZ={{ container_timezone }}
-      - UID={{ user_uid }}
-      - GID={{ user_gid }}
       {% if database_type == 'postgres' %}
       - GF_DATABASE_TYPE=postgres
       {% if database_external %}
@@ -35,6 +33,7 @@ services:
       - GF_AUTH_OAUTH_ALLOW_INSECURE_EMAIL_LOOKUP=true
       - GF_AUTH_GENERIC_OAUTH_SKIP_ORG_ROLE_SYNC=true
       {% endif %}
+    {% endif %}
     {% if traefik_enabled %}
     networks:
       {{ traefik_network }}:
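Review bot: Style point on the new guard: `{% if database_type == 'postgres' or authentik_enabled%}` is missing the space before `%}` that every other tag in the file uses. Not introduced here, but the retained `GF_AUTH_OAUTH_ALLOW_INSECURE_EMAIL_LOOKUP=true` now sits inside this conditional and still has no comment explaining why matching accounts on unverified e-mail is acceptable for this deployment. The `environment:` list continues below the hunk.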

+ 7 - 1
library/compose/grafana/template.yaml

@@ -12,13 +12,19 @@ metadata:
   icon:
     provider: selfh
     id: grafana
+  next_steps: |-
+    Log in with the initial admin user:
+    ```bash
+    Username: admin
+    Password: admin
+    ```
   version: 12.1.1
   author: Christian Lempa
   date: '2025-09-28'
   tags:
     - traefik
     - authentik
-schema: "1.2"
+schema: 1.2
 spec:
   general:
     vars:
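Review bot: The new `next_steps` block publishes the default `admin`/`admin` login but does not tell the user to change it; since this text is shown right after deployment it is the right place for that instruction. Suggest adding after the code fence: `Change this password on first login, or set GF_SECURITY_ADMIN_PASSWORD before the first start.`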

+ 10 - 16
library/compose/homeassistant/template.yaml

@@ -1,32 +1,26 @@
 ---
 kind: compose
-schema: "1.2"
 metadata:
-  icon:
-    provider: selfh
-    id: homeassistant
   name: Homeassistant
-  description: >
-    Home Assistant is an open-source platform for smart home automation that puts local control and privacy first.
-    This template sets up Home Assistant in a Docker container using Docker Compose.
-
+  description: |-
+    Home Assistant is an open-source platform for smart home automation that puts local control and privacy first. This template sets up Home Assistant in a Docker container using Docker Compose.
 
     Project: https://www.home-assistant.io/
-
     Documentation: https://www.home-assistant.io/docs/
   version: 2025.11.1
   author: Christian Lempa
-  date: '2025-11-07'
+  date: "2025-11-07"
   tags: []
+  icon:
+    provider: selfh
+    id: home-assistant
   draft: true
+  next_steps: ""
+schema: "1.2"
 spec:
   general:
     vars:
-      service_name:
-        default: homeassistant
       container_name:
         default: homeassistant
-      homeassistant_version:
-        type: str
-        description: Homeassistant version
-        default: latest
+      service_name:
+        default: homeassistant

+ 0 - 6
library/compose/loki/compose.yaml.j2

@@ -23,18 +23,12 @@ services:
       - traefik.http.routers.{{ service_name }}_http.service={{ service_name }}_web
       - traefik.http.routers.{{ service_name }}_http.rule=Host(`{{ traefik_host }}.{{ traefik_domain }}`)
       - traefik.http.routers.{{ service_name }}_http.entrypoints=web
-      {% if authentik_enabled %}
-      - traefik.http.routers.{{ service_name }}_http.middlewares=authentik-headers@file
-      {% endif %}
       {% if traefik_tls_enabled %}
       - traefik.http.routers.{{ service_name }}_https.service={{ service_name }}_web
       - traefik.http.routers.{{ service_name }}_https.rule=Host(`{{ traefik_host }}.{{ traefik_domain }}`)
       - traefik.http.routers.{{ service_name }}_https.entrypoints=websecure
       - traefik.http.routers.{{ service_name }}_https.tls=true
       - traefik.http.routers.{{ service_name }}_https.tls.certresolver={{ traefik_tls_certresolver }}
-      {% if authentik_enabled %}
-      - traefik.http.routers.{{ service_name }}_https.middlewares=authentik-headers@file
-      {% endif %}
       {% endif %}
     {% endif %}
 

+ 1 - 1
library/compose/loki/config/config.yaml → library/compose/loki/config/config.yaml.j2

@@ -27,7 +27,7 @@ schema_config:
         period: 24h
 
 limits_config:
-  retention_period: {{ data_retention_days + 'd'}}
+  retention_period: "{{ data_retention_days }}d"
   ingestion_rate_mb: 4
   ingestion_burst_size_mb: 6
   max_streams_per_user: 10000

+ 2 - 2
library/compose/loki/template.yaml

@@ -18,7 +18,7 @@ metadata:
   tags:
     - traefik
     - authentik
-schema: "1.2"
+schema: 1.2
 spec:
   general:
     vars:
@@ -35,4 +35,4 @@ spec:
   traefik:
     vars:
       traefik_host:
-        default: "loki"
+        default: loki

+ 0 - 0
library/compose/nextcloud/.env.nextcloud.j2 → library/compose/nextcloud/.env.j2


+ 0 - 169
library/compose/nextcloud/compose.yaml.j2.bak3

@@ -1,169 +0,0 @@
-services:
-  {{ service_name }}-app:
-    image: docker.io/library/nextcloud:31.0.10-apache
-    {% if not swarm_enabled %}
-    restart: {{ restart_policy }}
-    container_name: {{ container_name }}-app
-    {% endif %}
-    environment:
-      - TZ={{ container_timezone }}
-      {% if database_type == 'mysql' %}
-      - MYSQL_PASSWORD=${MYSQL_PASSWORD}
-      - MYSQL_DATABASE={{ database_name }}
-      - MYSQL_USER={{ database_user }}
-      - MYSQL_HOST={{ service_name }}-db
-      {% elif database_type == 'postgres' %}
-      - POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
-      - POSTGRES_DB={{ database_name }}
-      - POSTGRES_USER={{ database_user }}
-      - POSTGRES_HOST={{ service_name }}-db
-      {% endif %}
-    {% if network_mode == 'host' %}
-    network_mode: host
-    {% else %}
-    networks:
-      {% if traefik_enabled %}
-      {{ traefik_network }}:
-      {% endif %}
-      {% if network_mode == 'macvlan' %}
-      {{ network_name }}:
-        ipv4_address: {{ network_macvlan_ipv4_address }}
-      {% elif network_mode == 'bridge' %}
-      {{ network_name }}:
-      {% endif %}
-    {% endif %}
-    {% if not traefik_enabled and network_mode == 'bridge' %}
-    ports:
-      {% if swarm_enabled %}
-      - target: 80
-        published: {{ ports_http }}
-        protocol: tcp
-        mode: host
-      {% else %}
-      - "{{ ports_http }}:80"
-      {% endif %}
-    {% endif %}
-    volumes:
-      - nextcloud-data:/var/www/html
-    {% if traefik_enabled and not swarm_enabled %}
-    labels:
-      - traefik.enable=true
-      - traefik.docker.network={{ traefik_network }}
-      - traefik.http.services.{{ service_name }}-web.loadbalancer.server.port=80
-      - traefik.http.routers.{{ service_name }}-web-http.rule=Host(`{{ traefik_host }}.{{ traefik_domain }}`)
-      - traefik.http.routers.{{ service_name }}-web-http.entrypoints={{ traefik_entrypoint }}
-      - traefik.http.routers.{{ service_name }}-web-http.service={{ service_name }}-web
-      {% if traefik_tls_enabled %}
-      - traefik.http.routers.{{ service_name }}-web-https.rule=Host(`{{ traefik_host }}.{{ traefik_domain }}`)
-      - traefik.http.routers.{{ service_name }}-web-https.entrypoints={{ traefik_tls_entrypoint }}
-      - traefik.http.routers.{{ service_name }}-web-https.tls=true
-      - traefik.http.routers.{{ service_name }}-web-https.tls.certresolver={{ traefik_tls_certresolver }}
-      - traefik.http.routers.{{ service_name }}-web-https.service={{ service_name }}-web
-      {% endif %}
-    {% endif %}
-    depends_on:
-      - {{ service_name }}-db
-    {% if swarm_enabled %}
-    deploy:
-      replicas: {{ swarm_replicas }}
-      {% if traefik_enabled %}
-      labels:
-        - traefik.enable=true
-        - traefik.docker.network={{ traefik_network }}
-        - traefik.http.services.{{ service_name }}-web.loadbalancer.server.port=80
-        - traefik.http.routers.{{ service_name }}-web-http.rule=Host(`{{ traefik_host }}.{{ traefik_domain }}`)
-        - traefik.http.routers.{{ service_name }}-web-http.entrypoints={{ traefik_entrypoint }}
-        - traefik.http.routers.{{ service_name }}-web-http.service={{ service_name }}-web
-        {% if traefik_tls_enabled %}
-        - traefik.http.routers.{{ service_name }}-web-https.rule=Host(`{{ traefik_host }}.{{ traefik_domain }}`)
-        - traefik.http.routers.{{ service_name }}-web-https.entrypoints={{ traefik_tls_entrypoint }}
-        - traefik.http.routers.{{ service_name }}-web-https.tls=true
-        - traefik.http.routers.{{ service_name }}-web-https.tls.certresolver={{ traefik_tls_certresolver }}
-        - traefik.http.routers.{{ service_name }}-web-https.service={{ service_name }}-web
-        {% endif %}
-      {% endif %}
-    {% endif %}
-
-  {{ service_name }}-db:
-    {% if database_type == 'mysql' %}
-    # See compatibility matrix for Nextcloud 31
-    # https://docs.nextcloud.com/server/31/admin_manual/installation/system_requirements.html
-    image: docker.io/library/mariadb:10.11.14
-    {% if not swarm_enabled %}
-    restart: {{ restart_policy }}
-    container_name: {{ service_name }}-db
-    {% endif %}
-    command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
-    environment:
-      - TZ={{ container_timezone }}
-      - MYSQL_RANDOM_ROOT_PASSWORD=true
-      - MYSQL_PASSWORD=${MYSQL_PASSWORD}
-      - MYSQL_DATABASE={{ database_name }}
-      - MYSQL_USER={{ database_user }}
-    {% if network_mode == 'host' %}
-    network_mode: host
-    {% else %}
-    networks:
-      {% if network_mode == 'macvlan' %}
-      {{ network_name }}:
-        ipv4_address: {{ network_macvlan_ipv4_address_db }}
-      {% elif network_mode == 'bridge' %}
-      {{ network_name }}:
-      {% endif %}
-    {% endif %}
-    volumes:
-      - nextcloud-db:/var/lib/mysql
-    {% elif database_type == 'postgres' %}
-    image: docker.io/library/postgres:17.6
-    {% if not swarm_enabled %}
-    restart: {{ restart_policy }}
-    container_name: {{ service_name }}-db
-    {% endif %}
-    environment:
-      - TZ={{ container_timezone }}
-      - POSTGRES_USER={{ database_user }}
-      - POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
-      - POSTGRES_DB={{ database_name }}
-    {% if network_mode == 'host' %}
-    network_mode: host
-    {% else %}
-    networks:
-      {% if network_mode == 'macvlan' %}
-      {{ network_name }}:
-        ipv4_address: {{ network_macvlan_ipv4_address_db }}
-      {% elif network_mode == 'bridge' %}
-      {{ network_name }}:
-      {% endif %}
-    {% endif %}
-    volumes:
-      - nextcloud-db:/var/lib/postgresql/data
-    {% endif %}
-    {% if swarm_enabled %}
-    deploy:
-      replicas: 1
-    {% endif %}
-
-volumes:
-  nextcloud-data:
-    driver: local
-  nextcloud-db:
-    driver: local
-
-networks:
-  {% if traefik_enabled %}
-  {{ traefik_network }}:
-    external: true
-  {% endif %}
-  {% if network_mode == 'macvlan' %}
-  {{ network_name }}:
-    driver: macvlan
-    driver_opts:
-      parent: {{ network_macvlan_parent_interface }}
-    ipam:
-      config:
-        - subnet: {{ network_macvlan_subnet }}
-          gateway: {{ network_macvlan_gateway }}
-  {% elif network_mode == 'bridge' %}
-  {{ network_name }}:
-    driver: {% if swarm_enabled %}overlay{% else %}bridge{% endif %}
-  {% endif %}

+ 0 - 142
library/compose/nextcloud/compose.yaml.j2.final

@@ -1,142 +0,0 @@
-services:
-  {{ service_name }}-app:
-    image: docker.io/library/nextcloud:31.0.10-apache
-    {% if not swarm_enabled %}
-    restart: {{ restart_policy }}
-    container_name: {{ container_name }}-app
-    {% endif %}
-    environment:
-      - TZ={{ container_timezone }}
-      {% if database_type == 'mysql' %}
-      - MYSQL_PASSWORD=${MYSQL_PASSWORD}
-      - MYSQL_DATABASE={{ database_name }}
-      - MYSQL_USER={{ database_user }}
-      - MYSQL_HOST={{ service_name }}-db
-      {% elif database_type == 'postgres' %}
-      - POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
-      - POSTGRES_DB={{ database_name }}
-      - POSTGRES_USER={{ database_user }}
-      - POSTGRES_HOST={{ service_name }}-db
-      {% endif %}
-      {% if network_mode == 'macvlan' %}
-      {{ network_name }}:
-        ipv4_address: {{ network_macvlan_ipv4_address }}
-      {% elif network_mode == 'bridge' %}
-      {{ network_name }}:
-      {% endif %}
-    {% endif %}
-    {% if not traefik_enabled and network_mode == 'bridge' %}
-    ports:
-      {% if swarm_enabled %}
-      - target: 80
-        published: {{ ports_http }}
-        protocol: tcp
-        mode: host
-      {% else %}
-      - "{{ ports_http }}:80"
-      {% endif %}
-    {% endif %}
-    volumes:
-      - nextcloud-data:/var/www/html
-    {% if traefik_enabled and not swarm_enabled %}
-    labels:
-      - traefik.enable=true
-      - traefik.docker.network={{ traefik_network }}
-      - traefik.http.services.{{ service_name }}-web.loadbalancer.server.port=80
-      - traefik.http.routers.{{ service_name }}-web-http.rule=Host(`{{ traefik_host }}.{{ traefik_domain }}`)
-      - traefik.http.routers.{{ service_name }}-web-http.entrypoints={{ traefik_entrypoint }}
-      - traefik.http.routers.{{ service_name }}-web-http.service={{ service_name }}-web
-      {% if traefik_tls_enabled %}
-      - traefik.http.routers.{{ service_name }}-web-https.rule=Host(`{{ traefik_host }}.{{ traefik_domain }}`)
-      - traefik.http.routers.{{ service_name }}-web-https.entrypoints={{ traefik_tls_entrypoint }}
-      - traefik.http.routers.{{ service_name }}-web-https.tls=true
-      - traefik.http.routers.{{ service_name }}-web-https.tls.certresolver={{ traefik_tls_certresolver }}
-      - traefik.http.routers.{{ service_name }}-web-https.service={{ service_name }}-web
-      {% endif %}
-    {% endif %}
-    depends_on:
-      - {{ service_name }}-db
-    {% if swarm_enabled %}
-    deploy:
-      replicas: {{ swarm_replicas }}
-      {% if traefik_enabled %}
-      labels:
-        - traefik.enable=true
-        - traefik.docker.network={{ traefik_network }}
-        - traefik.http.services.{{ service_name }}-web.loadbalancer.server.port=80
-        - traefik.http.routers.{{ service_name }}-web-http.rule=Host(`{{ traefik_host }}.{{ traefik_domain }}`)
-        - traefik.http.routers.{{ service_name }}-web-http.entrypoints={{ traefik_entrypoint }}
-        - traefik.http.routers.{{ service_name }}-web-http.service={{ service_name }}-web
-        {% if traefik_tls_enabled %}
-        - traefik.http.routers.{{ service_name }}-web-https.rule=Host(`{{ traefik_host }}.{{ traefik_domain }}`)
-        - traefik.http.routers.{{ service_name }}-web-https.entrypoints={{ traefik_tls_entrypoint }}
-        - traefik.http.routers.{{ service_name }}-web-https.tls=true
-        - traefik.http.routers.{{ service_name }}-web-https.tls.certresolver={{ traefik_tls_certresolver }}
-        - traefik.http.routers.{{ service_name }}-web-https.service={{ service_name }}-web
-        {% endif %}
-      {% endif %}
-    {% endif %}
-
-  {{ service_name }}-db:
-    {% if database_type == 'mysql' %}
-    # See compatibility matrix for Nextcloud 31
-    # https://docs.nextcloud.com/server/31/admin_manual/installation/system_requirements.html
-    image: docker.io/library/mariadb:10.11.14
-    {% if not swarm_enabled %}
-    restart: {{ restart_policy }}
-    container_name: {{ service_name }}-db
-    {% endif %}
-    command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
-    environment:
-      - TZ={{ container_timezone }}
-      - MYSQL_RANDOM_ROOT_PASSWORD=true
-      - MYSQL_PASSWORD=${MYSQL_PASSWORD}
-      - MYSQL_DATABASE={{ database_name }}
-      - MYSQL_USER={{ database_user }}
-    {% endif %}
-    volumes:
-      - nextcloud-db:/var/lib/mysql
-    {% elif database_type == 'postgres' %}
-    image: docker.io/library/postgres:17.6
-    {% if not swarm_enabled %}
-    restart: {{ restart_policy }}
-    container_name: {{ service_name }}-db
-    {% endif %}
-    environment:
-      - TZ={{ container_timezone }}
-      - POSTGRES_USER={{ database_user }}
-      - POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
-      - POSTGRES_DB={{ database_name }}
-    {% endif %}
-    volumes:
-      - nextcloud-db:/var/lib/postgresql/data
-    {% endif %}
-    {% if swarm_enabled %}
-    deploy:
-      replicas: 1
-    {% endif %}
-
-volumes:
-  nextcloud-data:
-    driver: local
-  nextcloud-db:
-    driver: local
-
-networks:
-  {% if traefik_enabled %}
-  {{ traefik_network }}:
-    external: true
-  {% endif %}
-  {% if network_mode == 'macvlan' %}
-  {{ network_name }}:
-    driver: macvlan
-    driver_opts:
-      parent: {{ network_macvlan_parent_interface }}
-    ipam:
-      config:
-        - subnet: {{ network_macvlan_subnet }}
-          gateway: {{ network_macvlan_gateway }}
-  {% elif network_mode == 'bridge' %}
-  {{ network_name }}:
-    driver: {% if swarm_enabled %}overlay{% else %}bridge{% endif %}
-  {% endif %}

+ 0 - 124
library/compose/nextcloud/compose.yaml.j2.portfix

@@ -1,124 +0,0 @@
-services:
-  {{ service_name }}-app:
-    image: docker.io/library/nextcloud:31.0.10-apache
-    {% if not swarm_enabled %}
-    restart: {{ restart_policy }}
-    container_name: {{ container_name }}-app
-    {% endif %}
-    environment:
-      - TZ={{ container_timezone }}
-      {% if database_type == 'mysql' %}
-      - MYSQL_PASSWORD=${MYSQL_PASSWORD}
-      - MYSQL_DATABASE={{ database_name }}
-      - MYSQL_USER={{ database_user }}
-      - MYSQL_HOST={{ service_name }}-db
-      {% elif database_type == 'postgres' %}
-      - POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
-      - POSTGRES_DB={{ database_name }}
-      - POSTGRES_USER={{ database_user }}
-      - POSTGRES_HOST={{ service_name }}-db
-      {% endif %}
-    {% endif %}
-    {% if not traefik_enabled and network_mode == 'bridge' %}
-    ports:
-      {% if swarm_enabled %}
-      - target: 80
-        published: {{ ports_http }}
-        protocol: tcp
-        mode: host
-      {% else %}
-      - "{{ ports_http }}:80"
-      {% endif %}
-    {% endif %}
-    volumes:
-      - nextcloud-data:/var/www/html
-    {% if traefik_enabled and not swarm_enabled %}
-    labels:
-      - traefik.enable=true
-      - traefik.docker.network={{ traefik_network }}
-      - traefik.http.services.{{ service_name }}-web.loadbalancer.server.port=80
-      - traefik.http.routers.{{ service_name }}-web-http.rule=Host(`{{ traefik_host }}.{{ traefik_domain }}`)
-      - traefik.http.routers.{{ service_name }}-web-http.entrypoints={{ traefik_entrypoint }}
-      - traefik.http.routers.{{ service_name }}-web-http.service={{ service_name }}-web
-      {% if traefik_tls_enabled %}
-      - traefik.http.routers.{{ service_name }}-web-https.rule=Host(`{{ traefik_host }}.{{ traefik_domain }}`)
-      - traefik.http.routers.{{ service_name }}-web-https.entrypoints={{ traefik_tls_entrypoint }}
-      - traefik.http.routers.{{ service_name }}-web-https.tls=true
-      - traefik.http.routers.{{ service_name }}-web-https.tls.certresolver={{ traefik_tls_certresolver }}
-      - traefik.http.routers.{{ service_name }}-web-https.service={{ service_name }}-web
-      {% endif %}
-    {% endif %}
-    depends_on:
-      - {{ service_name }}-db
-    {% if swarm_enabled %}
-    deploy:
-      replicas: {{ swarm_replicas }}
-      {% if traefik_enabled %}
-      labels:
-        - traefik.enable=true
-        - traefik.docker.network={{ traefik_network }}
-        - traefik.http.services.{{ service_name }}-web.loadbalancer.server.port=80
-        - traefik.http.routers.{{ service_name }}-web-http.rule=Host(`{{ traefik_host }}.{{ traefik_domain }}`)
-        - traefik.http.routers.{{ service_name }}-web-http.entrypoints={{ traefik_entrypoint }}
-        - traefik.http.routers.{{ service_name }}-web-http.service={{ service_name }}-web
-        {% if traefik_tls_enabled %}
-        - traefik.http.routers.{{ service_name }}-web-https.rule=Host(`{{ traefik_host }}.{{ traefik_domain }}`)
-        - traefik.http.routers.{{ service_name }}-web-https.entrypoints={{ traefik_tls_entrypoint }}
-        - traefik.http.routers.{{ service_name }}-web-https.tls=true
-        - traefik.http.routers.{{ service_name }}-web-https.tls.certresolver={{ traefik_tls_certresolver }}
-        - traefik.http.routers.{{ service_name }}-web-https.service={{ service_name }}-web
-        {% endif %}
-      {% endif %}
-    {% endif %}
-
-  {{ service_name }}-db:
-    {% if database_type == 'mysql' %}
-    # See compatibility matrix for Nextcloud 31
-    # https://docs.nextcloud.com/server/31/admin_manual/installation/system_requirements.html
-    image: docker.io/library/mariadb:10.11.14
-    {% if not swarm_enabled %}
-    restart: {{ restart_policy }}
-    container_name: {{ service_name }}-db
-    {% endif %}
-    command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
-    environment:
-      - TZ={{ container_timezone }}
-      - MYSQL_RANDOM_ROOT_PASSWORD=true
-      - MYSQL_PASSWORD=${MYSQL_PASSWORD}
-      - MYSQL_DATABASE={{ database_name }}
-      - MYSQL_USER={{ database_user }}
-    {% endif %}
-    volumes:
-      - nextcloud-db:/var/lib/mysql
-    {% elif database_type == 'postgres' %}
-    image: docker.io/library/postgres:17.6
-    {% if not swarm_enabled %}
-    restart: {{ restart_policy }}
-    container_name: {{ service_name }}-db
-    {% endif %}
-    environment:
-      - TZ={{ container_timezone }}
-      - POSTGRES_USER={{ database_user }}
-      - POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
-      - POSTGRES_DB={{ database_name }}
-    {% endif %}
-    volumes:
-      - nextcloud-db:/var/lib/postgresql/data
-    {% endif %}
-    {% if swarm_enabled %}
-    deploy:
-      replicas: 1
-    {% endif %}
-
-volumes:
-  nextcloud-data:
-    driver: local
-  nextcloud-db:
-    driver: local
-
-networks:
-  {% if traefik_enabled %}
-  {{ traefik_network }}:
-    external: true
-  {% endif %}
-  {% endif %}

+ 23 - 151
library/compose/prometheus/compose.yaml.j2

@@ -2,183 +2,55 @@
 services:
   {{ service_name }}:
     image: docker.io/prom/prometheus:v3.7.3
-    {% if not swarm_enabled %}
     restart: {{ restart_policy }}
-    container_name: {{ container_name }}
-    {% endif %}
-    hostname: {{ container_hostname }}
     command:
       - --config.file=/etc/prometheus/prometheus.yaml
       - --storage.tsdb.retention.time={{ metrics_retention_time }}
       {% if metrics_retention_size != '0' %}
       - --storage.tsdb.retention.size={{ metrics_retention_size }}
       {% endif %}
-      {% if metrics_web_external_url %}
-      - --web.external-url={{ metrics_web_external_url }}
+      {% if metrics_enable_remote_write %}
+      - --web.enable-remote-write-receiver
       {% endif %}
-    environment:
-      - TZ={{ container_timezone }}
-      - UID={{ user_uid }}
-      - GID={{ user_gid }}
-    {% if not traefik_enabled and network_mode == 'bridge' %}
-    ports:
-      {% if swarm_enabled %}
-      - target: 9090
-        published: {{ ports_http }}
-        protocol: tcp
-        mode: host
+      {% if traefik_enabled %}
+      {% if traefik_tls_enabled %}
+      - --web.external-url=https://{{ traefik_host }}.{{ traefik_domain }}
       {% else %}
-      - "{{ ports_http }}:9090"
+      - --web.external-url=http://{{ traefik_host }}.{{ traefik_domain }}
       {% endif %}
+      {% endif %}
+    {% if not traefik_enabled  %}
+    ports:
+      - "{{ ports_http }}:9090"
     {% endif %}
     volumes:
-      {% if volume_mode == 'mount' %}
-      - {{ volume_mount_path }}/data:/prometheus:rw
-      {% else %}
-      - {{ service_name }}-data:/prometheus
-      {% endif %}
-      {% if not swarm_enabled %}
-      {% if volume_mode == 'mount' %}
-      - {{ volume_mount_path }}/config/prometheus.yaml:/etc/prometheus/prometheus.yaml:ro
-      {% else %}
+      - {{ service_name }}_data:/prometheus
       - ./config/prometheus.yaml:/etc/prometheus/prometheus.yaml:ro
-      {% endif %}
-      {% endif %}
-    {% if network_mode == 'host' %}
-    network_mode: host
-    {% else %}
+    {% if traefik_enabled  %}
     networks:
-      {% if traefik_enabled %}
       {{ traefik_network }}:
-      {% endif %}
-      {% if network_mode == 'macvlan' %}
-      {{ network_name }}:
-        ipv4_address: {{ network_macvlan_ipv4_address }}
-      {% elif network_mode == 'bridge' %}
-      {{ network_name }}:
-      {% endif %}
-    {% endif %}
-    {% if swarm_enabled %}
-    configs:
-      - source: {{ service_name }}_config
-        target: /etc/prometheus/prometheus.yaml
-    {% endif %}
-    {% if swarm_enabled or resources_enabled %}
-    deploy:
-      {% if swarm_enabled %}
-      mode: {{ swarm_placement_mode }}
-      {% if swarm_placement_mode == 'replicated' %}
-      replicas: {{ swarm_replicas }}
-      {% endif %}
-      {% if swarm_placement_host %}
-      placement:
-        constraints:
-          - node.hostname == {{ swarm_placement_host }}
-      {% endif %}
-      restart_policy:
-        condition: on-failure
-      {% endif %}
-      {% if resources_enabled %}
-      resources:
-        limits:
-          cpus: '{{ resources_cpu_limit }}'
-          memory: {{ resources_memory_limit }}
-        {% if swarm_enabled %}
-        reservations:
-          cpus: '{{ resources_cpu_reservation }}'
-          memory: {{ resources_memory_reservation }}
-        {% endif %}
-      {% endif %}
-      {% if swarm_enabled and traefik_enabled %}
-      labels:
-        - traefik.enable=true
-        - traefik.docker.network={{ traefik_network }}
-        - traefik.http.services.{{ service_name }}-web.loadBalancer.server.port=9090
-        - traefik.http.routers.{{ service_name }}-http.service={{ service_name }}-web
-        - traefik.http.routers.{{ service_name }}-http.rule=Host(`{{ traefik_host }}.{{ traefik_domain }}`)
-        - traefik.http.routers.{{ service_name }}-http.entrypoints={{ traefik_entrypoint }}
-        {% if authentik_enabled %}
-        - traefik.http.routers.{{ service_name }}-http.middlewares={{ authentik_traefik_middleware }}
-        {% endif %}
-        {% if traefik_tls_enabled %}
-        - traefik.http.routers.{{ service_name }}-https.service={{ service_name }}-web
-        - traefik.http.routers.{{ service_name }}-https.rule=Host(`{{ traefik_host }}.{{ traefik_domain }}`)
-        - traefik.http.routers.{{ service_name }}-https.entrypoints={{ traefik_tls_entrypoint }}
-        - traefik.http.routers.{{ service_name }}-https.tls=true
-        - traefik.http.routers.{{ service_name }}-https.tls.certresolver={{ traefik_tls_certresolver }}
-        {% if authentik_enabled %}
-        - traefik.http.routers.{{ service_name }}-https.middlewares={{ authentik_traefik_middleware }}
-        {% endif %}
-        {% endif %}
-      {% endif %}
-    {% endif %}
-    {% if traefik_enabled and not swarm_enabled %}
     labels:
       - traefik.enable=true
       - traefik.docker.network={{ traefik_network }}
-      - traefik.http.services.{{ service_name }}-web.loadBalancer.server.port=9090
-      - traefik.http.routers.{{ service_name }}-http.service={{ service_name }}-web
-      - traefik.http.routers.{{ service_name }}-http.rule=Host(`{{ traefik_host }}.{{ traefik_domain }}`)
-      - traefik.http.routers.{{ service_name }}-http.entrypoints={{ traefik_entrypoint }}
-      {% if authentik_enabled %}
-      - traefik.http.routers.{{ service_name }}-http.middlewares={{ authentik_traefik_middleware }}
-      {% endif %}
+      - traefik.http.services.{{ service_name }}_web.loadBalancer.server.port=9090
+      - traefik.http.routers.{{ service_name }}_http.service={{ service_name }}_web
+      - traefik.http.routers.{{ service_name }}_http.rule=Host(`{{ traefik_host }}.{{ traefik_domain }}`)
+      - traefik.http.routers.{{ service_name }}_http.entrypoints=web
       {% if traefik_tls_enabled %}
-      - traefik.http.routers.{{ service_name }}-https.service={{ service_name }}-web
-      - traefik.http.routers.{{ service_name }}-https.rule=Host(`{{ traefik_host }}.{{ traefik_domain }}`)
-      - traefik.http.routers.{{ service_name }}-https.entrypoints={{ traefik_tls_entrypoint }}
-      - traefik.http.routers.{{ service_name }}-https.tls=true
-      - traefik.http.routers.{{ service_name }}-https.tls.certresolver={{ traefik_tls_certresolver }}
-      {% if authentik_enabled %}
-      - traefik.http.routers.{{ service_name }}-https.middlewares={{ authentik_traefik_middleware }}
-      {% endif %}
+      - traefik.http.routers.{{ service_name }}_https.service={{ service_name }}_web
+      - traefik.http.routers.{{ service_name }}_https.rule=Host(`{{ traefik_host }}.{{ traefik_domain }}`)
+      - traefik.http.routers.{{ service_name }}_https.entrypoints=websecure
+      - traefik.http.routers.{{ service_name }}_https.tls=true
+      - traefik.http.routers.{{ service_name }}_https.tls.certresolver={{ traefik_tls_certresolver }}
       {% endif %}
     {% endif %}
 
-{% if volume_mode == 'local' %}
 volumes:
-  {{ service_name }}-data:
+  {{ service_name }}_data:
     driver: local
-{% elif volume_mode == 'nfs' %}
-volumes:
-  {{ service_name }}-data:
-    driver: local
-    driver_opts:
-      type: nfs
-      o: addr={{ volume_nfs_server }},{{ volume_nfs_options }}
-      device: ":{{ volume_nfs_path }}/data"
-{% endif %}
 
-{% if network_mode != 'host' %}
+{% if traefik_enabled %}
 networks:
-  {{ network_name }}:
-    {% if network_external %}
-    external: true
-    {% else %}
-    {% if network_mode == 'macvlan' %}
-    driver: macvlan
-    driver_opts:
-      parent: {{ network_macvlan_parent_interface }}
-    ipam:
-      config:
-        - subnet: {{ network_macvlan_subnet }}
-          gateway: {{ network_macvlan_gateway }}
-    name: {{ network_name }}
-    {% elif swarm_enabled %}
-    driver: overlay
-    attachable: true
-    {% else %}
-    driver: bridge
-    {% endif %}
-    {% endif %}
-  {% if traefik_enabled %}
   {{ traefik_network }}:
     external: true
-  {% endif %}
-{% endif %}
-
-{% if swarm_enabled %}
-configs:
-  {{ service_name }}_config:
-    file: ./config/prometheus.yaml
 {% endif %}
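Review bot: `--web.enable-remote-write-receiver` opens an unauthenticated `/api/v1/write` endpoint, and this rewrite simultaneously drops the `{% if authentik_enabled %}` middleware labels from both Traefik routers, so with Traefik enabled anyone who can reach the host name can push arbitrary metrics. Either restore `- traefik.http.routers.{{ service_name }}_http.middlewares=authentik@docker` (and the `_https` twin) behind the existing toggle, or document in the template that remote write must only be enabled when Prometheus is not published through the proxy. Minor style: `{% if not traefik_enabled  %}` and `{% if traefik_enabled  %}` carry a double space. The Alloy default `http://prometheus:9090/api/v1/write` in this commit depends on this receiver being on, which is worth a comment next to the flag.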

+ 0 - 163
library/compose/prometheus/compose.yaml.j2.final

@@ -1,163 +0,0 @@
----
-services:
-  {{ service_name }}:
-    image: docker.io/prom/prometheus:v3.7.3
-    {% if not swarm_enabled %}
-    restart: {{ restart_policy }}
-    container_name: {{ container_name }}
-    {% endif %}
-    hostname: {{ container_hostname }}
-    command:
-      - --config.file=/etc/prometheus/prometheus.yaml
-      - --storage.tsdb.retention.time={{ metrics_retention_time }}
-      {% if metrics_retention_size != '0' %}
-      - --storage.tsdb.retention.size={{ metrics_retention_size }}
-      {% endif %}
-      {% if metrics_web_external_url %}
-      - --web.external-url={{ metrics_web_external_url }}
-      {% endif %}
-    environment:
-      - TZ={{ container_timezone }}
-      - UID={{ user_uid }}
-      - GID={{ user_gid }}
-    {% if not traefik_enabled and network_mode == 'bridge' %}
-    ports:
-      {% if swarm_enabled %}
-      - target: 9090
-        published: {{ ports_http }}
-        protocol: tcp
-        mode: host
-      {% else %}
-      - "{{ ports_http }}:9090"
-      {% endif %}
-    {% endif %}
-    volumes:
-      {% if volume_mode == 'mount' %}
-      - {{ volume_mount_path }}/data:/prometheus:rw
-      {% else %}
-      - {{ service_name }}-data:/prometheus
-      {% endif %}
-      {% if not swarm_enabled %}
-      {% if volume_mode == 'mount' %}
-      - {{ volume_mount_path }}/config/prometheus.yaml:/etc/prometheus/prometheus.yaml:ro
-      {% else %}
-      - ./config/prometheus.yaml:/etc/prometheus/prometheus.yaml:ro
-      {% endif %}
-      {% endif %}
-    {#
-      When traefik is enabled, add traefik network for reverse proxy access
-    #}
-    {% if traefik_enabled %}
-    networks:
-      {{ traefik_network }}:
-    {% endif %}
-      {% if network_mode == 'macvlan' %}
-      {{ network_name }}:
-        ipv4_address: {{ network_macvlan_ipv4_address }}
-      {% elif network_mode == 'bridge' %}
-      {{ network_name }}:
-      {% endif %}
-    {% endif %}
-    {% if swarm_enabled %}
-    configs:
-      - source: {{ service_name }}_config
-        target: /etc/prometheus/prometheus.yaml
-    {% endif %}
-    {% if swarm_enabled or resources_enabled %}
-    deploy:
-      {% if swarm_enabled %}
-      mode: {{ swarm_placement_mode }}
-      {% if swarm_placement_mode == 'replicated' %}
-      replicas: {{ swarm_replicas }}
-      {% endif %}
-      {% if swarm_placement_host %}
-      placement:
-        constraints:
-          - node.hostname == {{ swarm_placement_host }}
-      {% endif %}
-      restart_policy:
-        condition: on-failure
-      {% endif %}
-      {% if resources_enabled %}
-      resources:
-        limits:
-          cpus: '{{ resources_cpu_limit }}'
-          memory: {{ resources_memory_limit }}
-        {% if swarm_enabled %}
-        reservations:
-          cpus: '{{ resources_cpu_reservation }}'
-          memory: {{ resources_memory_reservation }}
-        {% endif %}
-      {% endif %}
-      {% if swarm_enabled and traefik_enabled %}
-      labels:
-        - traefik.enable=true
-        - traefik.docker.network={{ traefik_network }}
-        - traefik.http.services.{{ service_name }}-web.loadBalancer.server.port=9090
-        - traefik.http.routers.{{ service_name }}-http.service={{ service_name }}-web
-        - traefik.http.routers.{{ service_name }}-http.rule=Host(`{{ traefik_host }}.{{ traefik_domain }}`)
-        - traefik.http.routers.{{ service_name }}-http.entrypoints={{ traefik_entrypoint }}
-        {% if authentik_enabled %}
-        - traefik.http.routers.{{ service_name }}-http.middlewares={{ authentik_traefik_middleware }}
-        {% endif %}
-        {% if traefik_tls_enabled %}
-        - traefik.http.routers.{{ service_name }}-https.service={{ service_name }}-web
-        - traefik.http.routers.{{ service_name }}-https.rule=Host(`{{ traefik_host }}.{{ traefik_domain }}`)
-        - traefik.http.routers.{{ service_name }}-https.entrypoints={{ traefik_tls_entrypoint }}
-        - traefik.http.routers.{{ service_name }}-https.tls=true
-        - traefik.http.routers.{{ service_name }}-https.tls.certresolver={{ traefik_tls_certresolver }}
-        {% if authentik_enabled %}
-        - traefik.http.routers.{{ service_name }}-https.middlewares={{ authentik_traefik_middleware }}
-        {% endif %}
-        {% endif %}
-      {% endif %}
-    {% endif %}
-    {% if traefik_enabled and not swarm_enabled %}
-    labels:
-      - traefik.enable=true
-      - traefik.docker.network={{ traefik_network }}
-      - traefik.http.services.{{ service_name }}-web.loadBalancer.server.port=9090
-      - traefik.http.routers.{{ service_name }}-http.service={{ service_name }}-web
-      - traefik.http.routers.{{ service_name }}-http.rule=Host(`{{ traefik_host }}.{{ traefik_domain }}`)
-      - traefik.http.routers.{{ service_name }}-http.entrypoints={{ traefik_entrypoint }}
-      {% if authentik_enabled %}
-      - traefik.http.routers.{{ service_name }}-http.middlewares={{ authentik_traefik_middleware }}
-      {% endif %}
-      {% if traefik_tls_enabled %}
-      - traefik.http.routers.{{ service_name }}-https.service={{ service_name }}-web
-      - traefik.http.routers.{{ service_name }}-https.rule=Host(`{{ traefik_host }}.{{ traefik_domain }}`)
-      - traefik.http.routers.{{ service_name }}-https.entrypoints={{ traefik_tls_entrypoint }}
-      - traefik.http.routers.{{ service_name }}-https.tls=true
-      - traefik.http.routers.{{ service_name }}-https.tls.certresolver={{ traefik_tls_certresolver }}
-      {% if authentik_enabled %}
-      - traefik.http.routers.{{ service_name }}-https.middlewares={{ authentik_traefik_middleware }}
-      {% endif %}
-      {% endif %}
-    {% endif %}
-
-{% if volume_mode == 'local' %}
-volumes:
-  {{ service_name }}-data:
-    driver: local
-{% elif volume_mode == 'nfs' %}
-volumes:
-  {{ service_name }}-data:
-    driver: local
-    driver_opts:
-      type: nfs
-      o: addr={{ volume_nfs_server }},{{ volume_nfs_options }}
-      device: ":{{ volume_nfs_path }}/data"
-{% endif %}
-
-    {% endif %}
-  {% if traefik_enabled %}
-  {{ traefik_network }}:
-    external: true
-  {% endif %}
-{% endif %}
-
-{% if swarm_enabled %}
-configs:
-  {{ service_name }}_config:
-    file: ./config/prometheus.yaml
-{% endif %}

+ 0 - 157
library/compose/prometheus/compose.yaml.j2.portfix

@@ -1,157 +0,0 @@
----
-services:
-  {{ service_name }}:
-    image: docker.io/prom/prometheus:v3.7.3
-    {% if not swarm_enabled %}
-    restart: {{ restart_policy }}
-    container_name: {{ container_name }}
-    {% endif %}
-    hostname: {{ container_hostname }}
-    command:
-      - --config.file=/etc/prometheus/prometheus.yaml
-      - --storage.tsdb.retention.time={{ metrics_retention_time }}
-      {% if metrics_retention_size != '0' %}
-      - --storage.tsdb.retention.size={{ metrics_retention_size }}
-      {% endif %}
-      {% if metrics_web_external_url %}
-      - --web.external-url={{ metrics_web_external_url }}
-      {% endif %}
-    environment:
-      - TZ={{ container_timezone }}
-      - UID={{ user_uid }}
-      - GID={{ user_gid }}
-    {% if not traefik_enabled and network_mode == 'bridge' %}
-    ports:
-      {% if swarm_enabled %}
-      - target: 9090
-        published: {{ ports_http }}
-        protocol: tcp
-        mode: host
-      {% else %}
-      - "{{ ports_http }}:9090"
-      {% endif %}
-    {% endif %}
-    volumes:
-      {% if volume_mode == 'mount' %}
-      - {{ volume_mount_path }}/data:/prometheus:rw
-      {% else %}
-      - {{ service_name }}-data:/prometheus
-      {% endif %}
-      {% if not swarm_enabled %}
-      {% if volume_mode == 'mount' %}
-      - {{ volume_mount_path }}/config/prometheus.yaml:/etc/prometheus/prometheus.yaml:ro
-      {% else %}
-      - ./config/prometheus.yaml:/etc/prometheus/prometheus.yaml:ro
-      {% endif %}
-      {% endif %}
-    {#
-      When traefik is enabled, add traefik network for reverse proxy access
-    #}
-    {% if traefik_enabled %}
-    networks:
-      {{ traefik_network }}:
-    {% endif %}
-    {% endif %}
-    {% if swarm_enabled %}
-    configs:
-      - source: {{ service_name }}_config
-        target: /etc/prometheus/prometheus.yaml
-    {% endif %}
-    {% if swarm_enabled or resources_enabled %}
-    deploy:
-      {% if swarm_enabled %}
-      mode: {{ swarm_placement_mode }}
-      {% if swarm_placement_mode == 'replicated' %}
-      replicas: {{ swarm_replicas }}
-      {% endif %}
-      {% if swarm_placement_host %}
-      placement:
-        constraints:
-          - node.hostname == {{ swarm_placement_host }}
-      {% endif %}
-      restart_policy:
-        condition: on-failure
-      {% endif %}
-      {% if resources_enabled %}
-      resources:
-        limits:
-          cpus: '{{ resources_cpu_limit }}'
-          memory: {{ resources_memory_limit }}
-        {% if swarm_enabled %}
-        reservations:
-          cpus: '{{ resources_cpu_reservation }}'
-          memory: {{ resources_memory_reservation }}
-        {% endif %}
-      {% endif %}
-      {% if swarm_enabled and traefik_enabled %}
-      labels:
-        - traefik.enable=true
-        - traefik.docker.network={{ traefik_network }}
-        - traefik.http.services.{{ service_name }}-web.loadBalancer.server.port=9090
-        - traefik.http.routers.{{ service_name }}-http.service={{ service_name }}-web
-        - traefik.http.routers.{{ service_name }}-http.rule=Host(`{{ traefik_host }}.{{ traefik_domain }}`)
-        - traefik.http.routers.{{ service_name }}-http.entrypoints={{ traefik_entrypoint }}
-        {% if authentik_enabled %}
-        - traefik.http.routers.{{ service_name }}-http.middlewares={{ authentik_traefik_middleware }}
-        {% endif %}
-        {% if traefik_tls_enabled %}
-        - traefik.http.routers.{{ service_name }}-https.service={{ service_name }}-web
-        - traefik.http.routers.{{ service_name }}-https.rule=Host(`{{ traefik_host }}.{{ traefik_domain }}`)
-        - traefik.http.routers.{{ service_name }}-https.entrypoints={{ traefik_tls_entrypoint }}
-        - traefik.http.routers.{{ service_name }}-https.tls=true
-        - traefik.http.routers.{{ service_name }}-https.tls.certresolver={{ traefik_tls_certresolver }}
-        {% if authentik_enabled %}
-        - traefik.http.routers.{{ service_name }}-https.middlewares={{ authentik_traefik_middleware }}
-        {% endif %}
-        {% endif %}
-      {% endif %}
-    {% endif %}
-    {% if traefik_enabled and not swarm_enabled %}
-    labels:
-      - traefik.enable=true
-      - traefik.docker.network={{ traefik_network }}
-      - traefik.http.services.{{ service_name }}-web.loadBalancer.server.port=9090
-      - traefik.http.routers.{{ service_name }}-http.service={{ service_name }}-web
-      - traefik.http.routers.{{ service_name }}-http.rule=Host(`{{ traefik_host }}.{{ traefik_domain }}`)
-      - traefik.http.routers.{{ service_name }}-http.entrypoints={{ traefik_entrypoint }}
-      {% if authentik_enabled %}
-      - traefik.http.routers.{{ service_name }}-http.middlewares={{ authentik_traefik_middleware }}
-      {% endif %}
-      {% if traefik_tls_enabled %}
-      - traefik.http.routers.{{ service_name }}-https.service={{ service_name }}-web
-      - traefik.http.routers.{{ service_name }}-https.rule=Host(`{{ traefik_host }}.{{ traefik_domain }}`)
-      - traefik.http.routers.{{ service_name }}-https.entrypoints={{ traefik_tls_entrypoint }}
-      - traefik.http.routers.{{ service_name }}-https.tls=true
-      - traefik.http.routers.{{ service_name }}-https.tls.certresolver={{ traefik_tls_certresolver }}
-      {% if authentik_enabled %}
-      - traefik.http.routers.{{ service_name }}-https.middlewares={{ authentik_traefik_middleware }}
-      {% endif %}
-      {% endif %}
-    {% endif %}
-
-{% if volume_mode == 'local' %}
-volumes:
-  {{ service_name }}-data:
-    driver: local
-{% elif volume_mode == 'nfs' %}
-volumes:
-  {{ service_name }}-data:
-    driver: local
-    driver_opts:
-      type: nfs
-      o: addr={{ volume_nfs_server }},{{ volume_nfs_options }}
-      device: ":{{ volume_nfs_path }}/data"
-{% endif %}
-
-    {% endif %}
-  {% if traefik_enabled %}
-  {{ traefik_network }}:
-    external: true
-  {% endif %}
-{% endif %}
-
-{% if swarm_enabled %}
-configs:
-  {{ service_name }}_config:
-    file: ./config/prometheus.yaml
-{% endif %}

+ 10 - 46
library/compose/prometheus/template.yaml

@@ -10,7 +10,6 @@ metadata:
     Prometheus is an open-source systems monitoring and alerting toolkit originally built at SoundCloud.
     It is designed for reliability and scalability, making it suitable for monitoring dynamic cloud environments.
     Prometheus collects and stores metrics as time series data, providing powerful querying capabilities and integration with various visualization tools.
-
     ##  Swarm Deployment Warning
     Prometheus uses local TSDB storage and does NOT support running multiple replicas.
     This template enforces a single replica with node placement constraints. For true HA, consider remote storage solutions (Thanos, Cortex, VictoriaMetrics).
@@ -47,14 +46,10 @@ spec:
   general:
     vars:
       service_name:
-        default: "prometheus"
-      container_name:
-        default: "prometheus"
-      container_hostname:
-        default: "prometheus"
+        default: prometheus
   metrics:
-    title: "Metrics & Storage"
-    description: "Configure data retention and storage settings"
+    title: Metrics & Storage
+    description: Configure data retention and storage settings
     vars:
       metrics_retention_time:
         type: str
@@ -66,48 +61,17 @@ spec:
         description: "Maximum storage size (e.g., 5GB, 10GB, 1TB)"
         default: "0"
         extra: "Set to 0 for unlimited. Triggers deletion when exceeded."
-      metrics_web_external_url:
-        type: str
-        description: "External URL for generating links (optional)"
-        default: ""
-        optional: true
-        extra: "Use if behind reverse proxy, e.g., https://prometheus.example.com"
+      metrics_enable_remote_write:
+        type: bool
+        description: "Enable remote write receiver (allows pushing metrics via /api/v1/write)"
+        default: false
+        extra: "Caution: Intended for low-volume use cases only. Not efficient for general ingestion."
   ports:
     vars:
       ports_http:
-        description: "External HTTP port for web UI and API"
-        type: int
         default: 9090
-        needs: ["traefik_enabled=false", "network_mode=bridge"]
-  network:
-    vars:
-      network_mode:
-        extra: "For Swarm, only 'bridge' is supported. Use bridge for Traefik integration."
-      network_name:
-        default: "prometheus_network"
+
   traefik:
     vars:
-      traefik_enabled:
-        needs: "network_mode=bridge"
       traefik_host:
-        default: "prometheus.home.arpa"
-      traefik_network:
-        type: str
-        description: "Traefik network name"
-        default: "traefik"
-        needs: "traefik_enabled"
-      traefik_network_external:
-        type: bool
-        description: "Use external Traefik network"
-        default: true
-        needs: "traefik_enabled"
-  swarm:
-    vars:
-      swarm_enabled:
-        needs: "network_mode=bridge"
-      swarm_placement_host:
-        description: "Hostname of the node to deploy Prometheus on"
-        required: true
-        optional: false
-        needs: null
-        extra: "REQUIRED: Prometheus requires persistent storage on a single node"
+        default: prometheus
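Review bot: The new `metrics_enable_remote_write` variable turns on Prometheus's remote-write receiver, which accepts unauthenticated writes on `/api/v1/write`, but its `extra` text only warns about ingestion volume; since this same hunk also drops the `network_mode`/`traefik_enabled` gating that used to constrain how the port was exposed, the text should state the exposure risk. Suggested `extra`: `"Caution: low-volume use only. The receiver is unauthenticated - expose it only behind authenticated proxy access or on an unpublished port."`. The compose.yaml.j2 that has to translate this flag into `--web.enable-remote-write-receiver` is only partly visible here, so I cannot confirm it is wired up. Separately, the metadata description kept as context in the first hunk still says the template "enforces a single replica with node placement constraints", while `swarm_placement_host` is removed in the last hunk; that sentence looks stale now.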

+ 0 - 110
library/compose/prometheus/template.yaml.backup

@@ -1,110 +0,0 @@
----
-kind: compose
-schema: "1.2"
-metadata:
-  name: Prometheus
-  description: |
-    Prometheus is an open-source systems monitoring and alerting toolkit originally built at SoundCloud.
-    It is designed for reliability and scalability, making it suitable for monitoring dynamic cloud environments.
-    Prometheus collects and stores metrics as time series data, providing powerful querying capabilities and integration with various visualization tools.
-
-    ##  Swarm Deployment Warning
-    Prometheus uses local TSDB storage and does NOT support running multiple replicas.
-    This template enforces a single replica with node placement constraints. For true HA, consider remote storage solutions (Thanos, Cortex, VictoriaMetrics).
-
-    Project: https://prometheus.io/
-
-    Documentation: https://prometheus.io/docs/
-
-    GitHub: https://github.com/prometheus/prometheus
-  version: v3.7.3
-  author: Christian Lempa
-  date: '2025-10-31'
-  tags:
-    - traefik
-    - swarm
-    - authentik
-  next_steps: |
-    {% if swarm_enabled -%}
-    1. Deploy to Docker Swarm:
-       docker stack deploy -c compose.yaml {{ service_name }}
-    2. Access Prometheus:
-       {%- if traefik_enabled %} https://{{ traefik_host }}
-       {%- else %} http://<swarm-node-ip>:{{ ports_http }}{%- endif %}
-    {% else -%}
-    1. Start Prometheus with Docker Compose:
-       docker compose up -d
-    2. Access Prometheus:
-       {%- if traefik_enabled %} https://{{ traefik_host }}
-       {%- else %} http://localhost:{{ ports_http }}{%- endif %}
-    {% endif -%}
-    3. Edit config/prometheus.yaml to add scrape targets
-    4. Reload configuration: docker exec {{ container_name if not swarm_enabled else service_name }} kill -HUP 1
-spec:
-  general:
-    vars:
-      service_name:
-        default: "prometheus"
-      container_name:
-        default: "prometheus"
-      container_hostname:
-        default: "prometheus"
-  metrics:
-    title: "Metrics & Storage"
-    description: "Configure data retention and storage settings"
-    vars:
-      metrics_retention_time:
-        type: str
-        description: "How long to retain samples (e.g., 15d, 30d, 1y)"
-        default: "15d"
-        extra: "Older data will be deleted. Use 'h', 'd', 'w', 'y' for time units."
-      metrics_retention_size:
-        type: str
-        description: "Maximum storage size (e.g., 5GB, 10GB, 1TB)"
-        default: "0"
-        extra: "Set to 0 for unlimited. Triggers deletion when exceeded."
-      metrics_web_external_url:
-        type: str
-        description: "External URL for generating links (optional)"
-        default: ""
-        optional: true
-        extra: "Use if behind reverse proxy, e.g., https://prometheus.example.com"
-  ports:
-    vars:
-      ports_http:
-        description: "External HTTP port for web UI and API"
-        type: int
-        default: 9090
-        needs: ["traefik_enabled=false", "network_mode=bridge"]
-  network:
-    vars:
-      network_mode:
-        extra: "For Swarm, only 'bridge' is supported. Use bridge for Traefik integration."
-      network_name:
-        default: "prometheus_network"
-  traefik:
-    vars:
-      traefik_enabled:
-        needs: "network_mode=bridge"
-      traefik_host:
-        default: "prometheus.home.arpa"
-      traefik_network:
-        type: str
-        description: "Traefik network name"
-        default: "traefik"
-        needs: "traefik_enabled"
-      traefik_network_external:
-        type: bool
-        description: "Use external Traefik network"
-        default: true
-        needs: "traefik_enabled"
-  swarm:
-    vars:
-      swarm_enabled:
-        needs: "network_mode=bridge"
-      swarm_placement_host:
-        description: "Hostname of the node to deploy Prometheus on"
-        required: true
-        optional: false
-        needs: null
-        extra: "REQUIRED: Prometheus requires persistent storage on a single node"

+ 58 - 23
library/compose/traefik/compose.yaml.j2

@@ -12,6 +12,61 @@ services:
     {% if container_hostname %}
     hostname: {{ container_hostname }}
     {% endif %}
+    command:
+      - "--global.checkNewVersion=false"
+      - "--global.sendAnonymousUsage=false"
+      {% if container_loglevel %}
+      - "--log.level={{ container_loglevel }}"
+      {% endif %}
+      - "--ping=true"
+      - "--ping.entryPoint=ping"
+      {% if accesslog_enabled %}
+      - "--accesslog=true"
+      {% endif %}
+      - "--ping.entryPoint=ping"
+      {% if dashboard_enabled %}
+      - "--api.dashboard=true"
+      - "--api.insecure=true"
+      {% endif %}
+      {% if prometheus_enabled %}
+      - "--metrics.prometheus=true"
+      - "--metrics.prometheus.entryPoint=metrics"
+      - "--metrics.prometheus.addRoutersLabels=true"
+      {% endif %}
+      - "--entrypoints.ping.address=:8082"
+      {% if prometheus_enabled %}
+      - "--entrypoints.metrics.address=:9090"
+      {% endif %}
+      - "--entrypoints.web.address=:80"
+      {% if traefik_tls_enabled and traefik_tls_redirect %}
+      - "--entrypoints.web.http.redirections.entryPoint.to=websecure"
+      - "--entrypoints.web.http.redirections.entryPoint.scheme=https"
+      {% endif %}
+      {% if traefik_tls_enabled %}
+      - "--entrypoints.websecure.address=:443"
+      - "--certificatesresolvers.{{ traefik_tls_certresolver }}.acme.email={{ traefik_tls_acme_email }}"
+      - "--certificatesresolvers.{{ traefik_tls_certresolver }}.acme.caServer=https://acme-v02.api.letsencrypt.org/directory"
+      - "--certificatesresolvers.{{ traefik_tls_certresolver }}.acme.dnsChallenge.provider={{ traefik_tls_certresolver }}"
+      - "--certificatesresolvers.{{ traefik_tls_certresolver }}.acme.dnsChallenge.resolvers=1.1.1.1:53,8.8.8.8:53"
+      {% endif %}
+      {% if traefik_tls_min_version %}
+      - "--tls.options.default.minVersion={{ traefik_tls_min_version }}"
+      {% endif %}
+      {% if traefik_tls_secure_ciphers %}
+      - "--tls.options.default.cipherSuites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256"
+      {% endif %}
+      {% if traefik_tls_skipverify %}
+      - "--serversTransport.insecureSkipVerify=true"
+      {% endif %}
+      {% if swarm_enabled %}
+      - "--providers.swarm.endpoint=unix:///var/run/docker.sock"
+      - "--providers.swarm.exposedByDefault=false"
+      - "--providers.swarm.network={{ traefik_network }}"
+      {% else %}
+      - "--providers.docker=true"
+      - "--providers.docker.exposedByDefault=false"
+      - "--providers.docker.network={{ traefik_network }}"
+      {% endif %}
     ports:
       - "{{ ports_http }}:80"
       - "{{ ports_https }}:443"
@@ -26,13 +81,6 @@ services:
     #}
     volumes:
       - /var/run/docker.sock:/var/run/docker.sock:ro
-      {% if not swarm_enabled %}
-      {% if volume_mode == 'mount' and volume_mount_path%}
-      - {{ volume_mount_path }}/config/:/etc/traefik/:ro
-      {% else %}
-      - ./config/:/etc/traefik/:ro
-      {% endif %}
-      {% endif %}
       {% if volume_mode == 'mount' %}
       - {{ volume_mount_path }}:/var/traefik/certs/:rw
       {% elif volume_mode == 'local' or volume_mode == 'nfs' %}
@@ -98,13 +146,8 @@ services:
       - NAMECHEAP_API_USER={{ traefik_tls_acme_username }}
       {% endif %}
       {% endif %}
-    {% if swarm_enabled %}
-    configs:
-      - source: traefik_config
-        target: /etc/traefik/traefik.yaml
-    {% endif %}
     healthcheck:
-      test: ["CMD", "traefik", "healthcheck", "--ping"]
+      test: ["CMD", "wget", "--spider", "-q", "http://127.0.0.1:8082/ping"]
       interval: 30s
       timeout: 5s
       retries: 3
@@ -134,16 +177,9 @@ services:
     {% endif %}
 
 {#
-  When swarm mode is enabled, define the necessary configs for Traefik.
-  These configs will be used to store Traefik's main configuration as well as
-  additional dynamic configuration files for routers, services, and middlewares.
-  If Traefik TLS is enabled, also define the necessary secrets for ACME DNS challenge.
+  If Traefik TLS is enabled in swarm mode, define the necessary secrets for ACME DNS challenge.
 #}
-{% if swarm_enabled %}
-configs:
-  traefik_config:
-    file: ./config/traefik.yaml
-{% if traefik_tls_enabled %}
+{% if swarm_enabled and traefik_tls_enabled %}
 secrets:
   {{ service_name }}_token:
     file: ./.env.secret.token
@@ -152,7 +188,6 @@ secrets:
     file: ./.env.secret.token_key
   {% endif %}
 {% endif %}
-{% endif %}
 
 {#
   Always define the traefik network, but if it's not external, set it up according to
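Review bot: The ACME resolver flags in the new `command` block do not carry over `storage: /var/traefik/certs/acme.json` from the deleted config/traefik.yaml.j2, so Traefik falls back to its default `acme.json` in the working directory and the certificate volume still mounted at `/var/traefik/certs/` below is never written; issued certificates are lost on every container recreate and repeated issuance will hit the CA's rate limits. Add `- "--certificatesresolvers.{{ traefik_tls_certresolver }}.acme.storage=/var/traefik/certs/acme.json"` inside the `{% if traefik_tls_enabled %}` block. `- "--ping.entryPoint=ping"` is emitted twice (once before and once after the accesslog guard); drop the second. Note that `--serversTransport.insecureSkipVerify=true` now disables upstream certificate verification for every backend, whereas the removed file scoped it to a named `insecure` serversTransport that routes had to opt into — if that widening is intended, the `traefik_tls_skipverify` description should say so. The `security-headers` and `authentik-headers` middlewares from the removed file have no replacement in this hunk; they may be provided by a dynamic config I cannot see, but if not, `security_enabled` is now a no-op.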

+ 0 - 136
library/compose/traefik/config/traefik.yaml.j2

@@ -1,136 +0,0 @@
----
-global:
-  checkNewVersion: false
-  sendAnonymousUsage: false
-
-{% if container_loglevel %}
-log:
-  level: {{ container_loglevel | upper }}
-{% endif %}
-
-{% if accesslog_enabled %}
-accesslog: {}
-{% endif %}
-
-ping:
-  entryPoint: ping
-
-{% if dashboard_enabled %}
-api:
-  dashboard: true
-  insecure: true
-{% endif %}
-
-{% if prometheus_enabled %}
-metrics:
-  prometheus:
-    entryPoint: metrics
-    addRoutersLabels: true
-{% endif %}
-
-entryPoints:
-  ping:
-    address: :8082
-  {% if prometheus_enabled %}
-  metrics:
-    address: :9090
-  {% endif %}
-  web:
-    address: :80
-    {% if traefik_tls_enabled and traefik_tls_redirect %}
-    http:
-      redirections:
-        entryPoint:
-          to: websecure
-          scheme: https
-    {% endif %}
-  {% if traefik_tls_enabled %}
-  websecure:
-    address: :443
-  {% endif %}
-
-{% if traefik_tls_enabled %}
-certificatesResolvers:
-  {{ traefik_tls_certresolver }}:
-    acme:
-      email: {{ traefik_tls_acme_email }}
-      storage: /var/traefik/certs/acme.json
-      caServer: "https://acme-v02.api.letsencrypt.org/directory"
-      dnsChallenge:
-        provider: {{ traefik_tls_certresolver }}
-        resolvers:
-          - 1.1.1.1:53
-          - 8.8.8.8:53
-
-{% if traefik_tls_min_version or traefik_tls_secure_ciphers %}
-tls:
-  options:
-    default:
-      {% if traefik_tls_min_version %}
-      minVersion: {{ traefik_tls_min_version }}
-      {% endif %}
-      {% if traefik_tls_secure_ciphers %}
-      cipherSuites:
-        - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
-        - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
-        - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
-        - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
-        - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
-        - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
-      {% endif %}
-{% endif %}
-{% endif %}
-
-{% if traefik_tls_skipverify or security_enabled or authentik_enabled %}
-http:
-{% if traefik_tls_skipverify %}
-  serversTransports:
-    insecure:
-      insecureSkipVerify: true
-{% endif %}
-{% if security_enabled or authentik_enabled %}
-middlewares:
-    {% if security_enabled %}
-    security-headers:
-      headers:
-        frameDeny: true
-        browserXssFilter: true
-        contentTypeNosniff: true
-        sslRedirect: true
-        forceSTSHeader: true
-        stsSeconds: 31536000
-        stsIncludeSubdomains: true
-        stsPreload: true
-    {% endif %}
-    {% if authentik_enabled %}
-    authentik-headers:
-      forwardAuth:
-        address: {{ authentik_outpost_url }}/outpost.goauthentik.io/auth/traefik
-        trustForwardHeader: true
-        authResponseHeaders:
-          - X-authentik-username
-          - X-authentik-groups
-          - X-authentik-email
-          - X-authentik-name
-          - X-authentik-uid
-          - X-authentik-jwt
-          - X-authentik-meta-jwks
-          - X-authentik-meta-outpost
-          - X-authentik-meta-provider
-          - X-authentik-meta-app
-          - X-authentik-meta-version
-    {% endif %}
-{% endif %}
-{% endif %}
-
-providers:
-  {% if swarm_enabled %}
-  swarm:
-    endpoint: "unix:///var/run/docker.sock"
-    exposedByDefault: false
-    network: {{ traefik_network }}
-  {% else %}
-  docker:
-    exposedByDefault: false
-    network: {{ traefik_network }}
-  {% endif %}

+ 0 - 9
library/compose/traefik/template.yaml

@@ -32,15 +32,6 @@ metadata:
     {% endif %}
 schema: "1.2"
 spec:
-  authentik:
-    title: Authentik Middleware
-    description: Enable Authentik SSO integration for Traefik
-    vars:
-      authentik_outpost_url:
-        description: Authentik outpost URL (e.g., http://authentik-outpost:9000)
-        type: url
-        default: http://authentik-outpost:9000
-        needs: [authentik_enabled]
   general:
     vars:
       service_name:

+ 4 - 0
library/helm/authentik/template.yaml

@@ -24,6 +24,7 @@ metadata:
   version: 2025.6.3
   author: Christian Lempa
   date: '2025-01-11'
+  draft: true
 spec:
   general:
     vars:
@@ -70,6 +71,9 @@ spec:
         default: authentik
       database_port:
         default: 5432
+      database_password:
+        description: PostgreSQL database password
+        sensitive: true
   traefik:
     vars:
       traefik_host:
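Review bot: `database_password` is declared with `sensitive: true` but no `type`, unlike the other variables added in this commit (`secret_name`, `certmanager_issuer`, `traefik_entrypoint` all carry `type: str`); unless the schema supplies a default type, add `type: str` so validation and prompting behave like the rest of the spec. Leaving it without a `default` is the right call for a credential — a placeholder default would otherwise be rendered into values files. The helm v1.0 schema is changed in this commit but not visible here, so please confirm it actually accepts the `sensitive` key rather than silently ignoring it.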

+ 1 - 1
library/helm/certmanager/template.yaml

@@ -18,7 +18,7 @@ metadata:
   icon:
     provider: simpleicons
     id: letsencrypt
-  draft: false
+  draft: true
   next_steps: ""
 schema: "1.0"
 spec:

+ 1 - 1
library/helm/longhorn/template.yaml

@@ -18,7 +18,7 @@ metadata:
   icon:
     provider: selfh
     id: rancher-longhorn
-  draft: false
+  draft: true
   next_steps: ""
 schema: "1.0"
 spec:

+ 3 - 2
library/helm/netbox/template.yaml

@@ -10,7 +10,7 @@ metadata:
     Helm values template for NetBox, an open-source network infrastructure management (IPAM/DCIM)
     solution and network automation source of truth.
     ## Chart Information
-    * **Chart Repository:** https://charts.boot source.github.io/charts
+    * **Chart Repository:** https://charts.bootsource.github.io/charts
     * **Chart Name:** netbox
     * **Chart Version:** Compatible with NetBox 4.2.3
     ## References
@@ -19,7 +19,8 @@ metadata:
     * **GitHub:** https://github.com/netbox-community/netbox
   version: 4.2.3
   author: Christian Lempa
-  date: '2025-11-13'
+  date: '2025-01-13'
+  draft: true
 spec:
   general:
     vars:

+ 1 - 0
library/helm/portainer/template.yaml

@@ -24,6 +24,7 @@ metadata:
   version: 2.34.0
   author: Christian Lempa
   date: '2025-01-11'
+  draft: true
 spec:
   general:
     vars:

+ 2 - 0
library/helm/portainer/values.yaml.j2

@@ -15,11 +15,13 @@ ingress:
       paths:
         - path: /
           port: "9000"
+{% if traefik_tls_enabled %}
   tls:
     - secretName: {{ traefik_tls_secret }}
       hosts:
         - {{ traefik_host }}
 {% endif %}
+{% endif %}
 {% if volumes_mode == 'existing-pvc' %}
 
 persistence:
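Review bot: Because Jinja pairs `endif` positionally, the pre-existing `{% endif %}` after the `hosts` list now closes the new `{% if traefik_tls_enabled %}` and the appended `{% endif %}` closes the outer block that opens above this hunk; the rendering is correct, but the layout reads as if the tls guard were left open. Place the new `{% endif %}` directly after `        - {{ traefik_host }}` and leave the original closing tag where it was so the nesting is visible. The enclosing `if` begins outside the hunk.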

+ 1 - 1
library/helm/traefik/template.yaml

@@ -18,7 +18,7 @@ metadata:
   icon:
     provider: simpleicons
     id: traefikproxy
-  draft: false
+  draft: true
   next_steps: ""
 schema: "1.0"
 spec:

+ 14 - 1
library/kubernetes/certmanager-certificate/template.yaml

@@ -27,9 +27,12 @@ spec:
     vars:
       resource_name:
         default: tls-certificate
+      namespace:
+        default: default
       secret_name:
         type: str
         description: Name of secret to store the certificate
+        default: tls-secret
   dns:
     title: DNS Settings
     vars:
@@ -37,4 +40,14 @@ spec:
         type: str
         description: DNS names for certificate (comma-separated, e.g., example.com,*.example.com)
   certmanager:
-    toggle: []
+    title: Cert-Manager Settings
+    vars:
+      certmanager_issuer:
+        type: str
+        description: Cert-manager Issuer or ClusterIssuer name
+        default: letsencrypt-prod
+      certmanager_issuer_kind:
+        type: enum
+        description: Issuer type
+        options: [Issuer, ClusterIssuer]
+        default: ClusterIssuer
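Review bot: `certmanager_issuer` defaults to `letsencrypt-prod` with kind `ClusterIssuer`, while the companion certmanager-issuer template in this same commit defaults its `resource_name` to `cloudflare-issuer`; rendering both with defaults yields a Certificate that references an issuer that does not exist and stays pending. Either align the defaults (`default: cloudflare-issuer` here) or state in the description that the value must match the issuer created separately. The new `namespace` default also interacts with `certmanager_issuer_kind`: a namespaced `Issuer` must live in the same namespace as the Certificate, so a short `extra` on `certmanager_issuer_kind` such as `"Issuer must exist in the Certificate's namespace; ClusterIssuer is cluster-wide"` would save a common misconfiguration.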

+ 2 - 0
library/kubernetes/certmanager-issuer/template.yaml

@@ -27,6 +27,8 @@ spec:
     vars:
       resource_name:
         default: cloudflare-issuer
+      namespace:
+        default: default
       acme_email:
         type: email
         description: Email address for ACME account registration

+ 2 - 0
library/kubernetes/core-configmap/template.yaml

@@ -22,3 +22,5 @@ spec:
     vars:
       resource_name:
         default: app-config
+      namespace:
+        default: default

+ 2 - 0
library/kubernetes/core-ingress/template.yaml

@@ -22,6 +22,8 @@ spec:
     vars:
       resource_name:
         default: app-ingress
+      namespace:
+        default: default
       ingress_class:
         type: str
         description: Ingress class name

+ 2 - 0
library/kubernetes/core-persistentvolumeclaim/template.yaml

@@ -22,6 +22,8 @@ spec:
     vars:
       resource_name:
         default: app-pvc
+      namespace:
+        default: default
       storage_class:
         type: str
         description: Storage class name (leave empty for default)

+ 2 - 0
library/kubernetes/core-secret/template.yaml

@@ -22,6 +22,8 @@ spec:
     vars:
       resource_name:
         default: api-token-secret
+      namespace:
+        default: default
       secret_type:
         type: str
         description: Secret type

+ 2 - 0
library/kubernetes/core-service/template.yaml

@@ -22,6 +22,8 @@ spec:
     vars:
       resource_name:
         default: app-service
+      namespace:
+        default: default
       service_type:
         type: enum
         description: Service type

+ 2 - 0
library/kubernetes/core-serviceaccount/template.yaml

@@ -22,3 +22,5 @@ spec:
     vars:
       resource_name:
         default: app-serviceaccount
+      namespace:
+        default: default

+ 17 - 0
library/kubernetes/traefik-ingressroute/template.yaml

@@ -24,6 +24,23 @@ spec:
     vars:
       resource_name:
         default: app-ingressroute
+      namespace:
+        default: default
+      traefik_entrypoint:
+        type: str
+        description: Traefik entrypoint for HTTP (e.g., web)
+        default: web
+      traefik_tls_entrypoint:
+        type: str
+        description: Traefik entrypoint for HTTPS (e.g., websecure)
+        default: websecure
+      traefik_service_name:
+        type: str
+        description: Kubernetes service name to route traffic to
+      traefik_service_port:
+        type: int
+        description: Kubernetes service port
+        default: 80
   traefik:
     vars:
       traefik_enabled:
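Review bot: `traefik_service_name` has neither a default nor `required: true`, while `traefik_service_port` defaults to 80, so an IngressRoute rendered with defaults routes to an unnamed service; the var-level `required: true` flag this commit introduces in library/schemas/compose/v1.2.json fits here. Also, `traefik_entrypoint` and `traefik_tls_entrypoint` are placed under `general` rather than the `traefik` section that follows (gated by `traefik_enabled`), so they are presumably collected even when that toggle is off — moving them under `traefik` would keep the prompts consistent. The enclosing `spec:` block continues outside the hunk.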

+ 2 - 0
library/kubernetes/traefik-ingressroutetcp/template.yaml

@@ -27,6 +27,8 @@ spec:
     vars:
       resource_name:
         default: app-tcp-route
+      namespace:
+        default: default
   traefik:
     vars:
       traefik_enabled:

+ 4 - 0
library/kubernetes/traefik-middleware/template.yaml

@@ -24,6 +24,10 @@ schema: "1.0"
 spec:
   general:
     vars:
+      resource_name:
+        default: app-middleware
+      namespace:
+        default: default
       middleware_type:
         description: Middleware type
         type: enum

+ 11 - 14
library/kubernetes/twingate-connector/template.yaml

@@ -1,40 +1,37 @@
 ---
 kind: kubernetes
-schema: "1.0"
 metadata:
-  icon:
-    provider: selfh
-    id: twingate-connector
   name: Twingate Connector
-  description: >
+  description: |-
     Twingate Connector for secure zero-trust network access.
 
-
     Requires the Twingate Kubernetes Operator to be installed in the cluster.
 
-
     Project: https://www.twingate.com
-
     Documentation: https://docs.twingate.com/docs/connector-kubernetes-operator
   version: 1.74.0
   author: Christian Lempa
-  date: '2025-01-11'
+  date: "2025-01-11"
+  tags: []
+  icon:
+    provider: selfh
+    id: twingate
+  draft: false
+  next_steps: ""
+schema: "1.0"
 spec:
   general:
     vars:
       resource_name:
         default: twingate-connector
-      namespace:
-        default: twingate
       image_tag:
         type: str
         description: Twingate connector image tag
         default: "1.74.0"
       connector_name:
         type: str
-        description: Connector name in Twingate
-        default: twingate-connector
+        description: Twingate connector name
       status_notifications:
         type: bool
         description: Enable status notifications
-        default: false
+        default: true
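Review bot: The hunk removes the `namespace` var (previously `default: twingate`) while every other kubernetes template in this commit adds `namespace: default: default`, and the kubernetes schema added in this commit (library/schemas/kubernetes/v1.0.json) defines only `playbook_name`, so it is unclear where this template's namespace now comes from. If the intent is to rely on a schema default, it should be added there; otherwise keep `namespace:` with `default: twingate`. `connector_name` also lost its default without gaining `required: true`, and `status_notifications` flipped to `default: true`, which is a behaviour change worth a word in its description.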

+ 14 - 0
library/schemas/ansible/v1.0.json

@@ -0,0 +1,14 @@
+[
+  {
+    "key": "general",
+    "title": "General",
+    "required": true,
+    "vars": [
+      {
+        "name": "playbook_name",
+        "description": "Ansible playbook name",
+        "type": "str"
+      }
+    ]
+  }
+]

+ 229 - 0
library/schemas/compose/v1.0.json

@@ -0,0 +1,229 @@
+[
+  {
+    "key": "general",
+    "title": "General",
+    "required": true,
+    "vars": [
+      {
+        "name": "service_name",
+        "description": "Service name",
+        "type": "str"
+      },
+      {
+        "name": "container_name",
+        "description": "Container name",
+        "type": "str"
+      },
+      {
+        "name": "container_timezone",
+        "description": "Container timezone (e.g., Europe/Berlin)",
+        "type": "str",
+        "default": "UTC"
+      },
+      {
+        "name": "user_uid",
+        "description": "User UID for container process",
+        "type": "int",
+        "default": 1000
+      },
+      {
+        "name": "user_gid",
+        "description": "User GID for container process",
+        "type": "int",
+        "default": 1000
+      },
+      {
+        "name": "restart_policy",
+        "description": "Container restart policy",
+        "type": "enum",
+        "options": ["unless-stopped", "always", "on-failure", "no"],
+        "default": "unless-stopped"
+      }
+    ]
+  },
+  {
+    "key": "network",
+    "title": "Network",
+    "toggle": "network_enabled",
+    "vars": [
+      {
+        "name": "network_enabled",
+        "description": "Enable custom network block",
+        "type": "bool",
+        "default": false
+      },
+      {
+        "name": "network_name",
+        "description": "Docker network name",
+        "type": "str",
+        "default": "bridge"
+      },
+      {
+        "name": "network_external",
+        "description": "Use existing Docker network",
+        "type": "bool",
+        "default": true
+      }
+    ]
+  },
+  {
+    "key": "ports",
+    "title": "Ports",
+    "toggle": "ports_enabled",
+    "vars": [
+      {
+        "name": "ports_enabled",
+        "description": "Expose ports via 'ports' mapping",
+        "type": "bool",
+        "default": true
+      }
+    ]
+  },
+  {
+    "key": "traefik",
+    "title": "Traefik",
+    "toggle": "traefik_enabled",
+    "description": "Traefik routes external traffic to your service.",
+    "vars": [
+      {
+        "name": "traefik_enabled",
+        "description": "Enable Traefik reverse proxy integration",
+        "type": "bool",
+        "default": false
+      },
+      {
+        "name": "traefik_network",
+        "description": "Traefik network name",
+        "type": "str",
+        "default": "traefik"
+      },
+      {
+        "name": "traefik_host",
+        "description": "Domain name for your service (e.g., app.example.com)",
+        "type": "str"
+      },
+      {
+        "name": "traefik_entrypoint",
+        "description": "HTTP entrypoint (non-TLS)",
+        "type": "str",
+        "default": "web"
+      }
+    ]
+  },
+  {
+    "key": "traefik_tls",
+    "title": "Traefik TLS/SSL",
+    "toggle": "traefik_tls_enabled",
+    "needs": ["traefik"],
+    "description": "Enable HTTPS/TLS for Traefik with certificate management.",
+    "vars": [
+      {
+        "name": "traefik_tls_enabled",
+        "description": "Enable HTTPS/TLS",
+        "type": "bool",
+        "default": true
+      },
+      {
+        "name": "traefik_tls_entrypoint",
+        "description": "TLS entrypoint",
+        "type": "str",
+        "default": "websecure"
+      },
+      {
+        "name": "traefik_tls_certresolver",
+        "description": "Traefik certificate resolver name",
+        "type": "str",
+        "default": "cloudflare"
+      }
+    ]
+  },
+  {
+    "key": "swarm",
+    "title": "Docker Swarm",
+    "toggle": "swarm_enabled",
+    "description": "Deploy service in Docker Swarm mode with replicas.",
+    "vars": [
+      {
+        "name": "swarm_enabled",
+        "description": "Enable Docker Swarm mode",
+        "type": "bool",
+        "default": false
+      },
+      {
+        "name": "swarm_replicas",
+        "description": "Number of replicas in Swarm",
+        "type": "int",
+        "default": 1
+      },
+      {
+        "name": "swarm_placement_mode",
+        "description": "Swarm placement mode",
+        "type": "enum",
+        "options": ["global", "replicated"],
+        "default": "replicated"
+      },
+      {
+        "name": "swarm_placement_host",
+        "description": "Limit placement to specific node",
+        "type": "str"
+      }
+    ]
+  },
+  {
+    "key": "database",
+    "title": "Database",
+    "toggle": "database_enabled",
+    "description": "Connect to external database (PostgreSQL or MySQL)",
+    "vars": [
+      {
+        "name": "database_enabled",
+        "description": "Enable external database integration",
+        "type": "bool",
+        "default": false
+      },
+      {
+        "name": "database_type",
+        "description": "Database type",
+        "type": "enum",
+        "options": ["postgres", "mysql"],
+        "default": "postgres"
+      },
+      {
+        "name": "database_external",
+        "description": "Use an external database server?",
+        "extra": "skips creation of internal database container",
+        "type": "bool",
+        "default": false
+      },
+      {
+        "name": "database_host",
+        "description": "Database host",
+        "type": "str",
+        "default": "database"
+      },
+      {
+        "name": "database_port",
+        "description": "Database port",
+        "type": "int"
+      },
+      {
+        "name": "database_name",
+        "description": "Database name",
+        "type": "str"
+      },
+      {
+        "name": "database_user",
+        "description": "Database user",
+        "type": "str"
+      },
+      {
+        "name": "database_password",
+        "description": "Database password",
+        "type": "str",
+        "default": "",
+        "sensitive": true,
+        "autogenerated": true
+      }
+    ]
+  }
+]
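Review bot: The `needs` field uses three different grammars across the schema files added in this commit: a section key here (`"needs": ["traefik"]` on traefik_tls), a `;`-joined `var=value` string in v1.1 (`"traefik_enabled=true;network_mode=bridge"`), and one `var=value` entry per list element with `!=` support in v1.2. Unless the loader implements all three, at least one of these files will not evaluate its dependencies; since all three are new files, the older versions could adopt the v1.2 form, or the supported grammar should be documented beside the files. Relatedly, v1.1 marks `swarm_placement_host` with `"optional": true`, a key no other schema uses, whereas v1.2 expresses the same idea by omitting `required`.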

+ 312 - 0
library/schemas/compose/v1.1.json

@@ -0,0 +1,312 @@
+[
+  {
+    "key": "general",
+    "title": "General",
+    "required": true,
+    "vars": [
+      {
+        "name": "service_name",
+        "description": "Service name",
+        "type": "str"
+      },
+      {
+        "name": "container_name",
+        "description": "Container name",
+        "type": "str"
+      },
+      {
+        "name": "container_hostname",
+        "description": "Container internal hostname",
+        "type": "str"
+      },
+      {
+        "name": "container_timezone",
+        "description": "Container timezone (e.g., Europe/Berlin)",
+        "type": "str",
+        "default": "UTC"
+      },
+      {
+        "name": "user_uid",
+        "description": "User UID for container process",
+        "type": "int",
+        "default": 1000
+      },
+      {
+        "name": "user_gid",
+        "description": "User GID for container process",
+        "type": "int",
+        "default": 1000
+      },
+      {
+        "name": "container_loglevel",
+        "description": "Container log level",
+        "type": "enum",
+        "options": ["debug", "info", "warn", "error"],
+        "default": "info"
+      },
+      {
+        "name": "restart_policy",
+        "description": "Container restart policy",
+        "type": "enum",
+        "options": ["unless-stopped", "always", "on-failure", "no"],
+        "default": "unless-stopped"
+      }
+    ]
+  },
+  {
+    "key": "network",
+    "title": "Network",
+    "vars": [
+      {
+        "name": "network_mode",
+        "description": "Docker network mode",
+        "type": "enum",
+        "options": ["bridge", "host", "macvlan"],
+        "default": "bridge",
+        "extra": "bridge=default Docker networking, host=use host network stack, macvlan=dedicated MAC address on physical network"
+      },
+      {
+        "name": "network_name",
+        "description": "Docker network name",
+        "type": "str",
+        "default": "bridge",
+        "needs": ["network_mode=bridge,macvlan"]
+      },
+      {
+        "name": "network_external",
+        "description": "Use existing Docker network (external)",
+        "type": "bool",
+        "default": false,
+        "needs": ["network_mode=bridge,macvlan"]
+      },
+      {
+        "name": "network_macvlan_ipv4_address",
+        "description": "Static IP address for container",
+        "type": "str",
+        "default": "192.168.1.253",
+        "needs": ["network_mode=macvlan"]
+      },
+      {
+        "name": "network_macvlan_parent_interface",
+        "description": "Host network interface name",
+        "type": "str",
+        "default": "eth0",
+        "needs": ["network_mode=macvlan"]
+      },
+      {
+        "name": "network_macvlan_subnet",
+        "description": "Network subnet in CIDR notation",
+        "type": "str",
+        "default": "192.168.1.0/24",
+        "needs": ["network_mode=macvlan"]
+      },
+      {
+        "name": "network_macvlan_gateway",
+        "description": "Network gateway IP address",
+        "type": "str",
+        "default": "192.168.1.1",
+        "needs": ["network_mode=macvlan"]
+      }
+    ]
+  },
+  {
+    "key": "ports",
+    "title": "Ports",
+    "needs": ["network_mode=bridge"],
+    "vars": []
+  },
+  {
+    "key": "traefik",
+    "title": "Traefik",
+    "toggle": "traefik_enabled",
+    "needs": ["network_mode=bridge"],
+    "description": "Traefik routes external traffic to your service.",
+    "vars": [
+      {
+        "name": "traefik_enabled",
+        "description": "Enable Traefik reverse proxy integration",
+        "type": "bool",
+        "default": false
+      },
+      {
+        "name": "traefik_network",
+        "description": "Traefik network name",
+        "type": "str",
+        "default": "traefik"
+      },
+      {
+        "name": "traefik_host",
+        "description": "Domain name for your service (e.g., app.example.com)",
+        "type": "str"
+      },
+      {
+        "name": "traefik_entrypoint",
+        "description": "HTTP entrypoint (non-TLS)",
+        "type": "str",
+        "default": "web"
+      }
+    ]
+  },
+  {
+    "key": "traefik_tls",
+    "title": "Traefik TLS/SSL",
+    "toggle": "traefik_tls_enabled",
+    "needs": ["traefik_enabled=true;network_mode=bridge"],
+    "description": "Enable HTTPS/TLS for Traefik with certificate management.",
+    "vars": [
+      {
+        "name": "traefik_tls_enabled",
+        "description": "Enable HTTPS/TLS",
+        "type": "bool",
+        "default": true
+      },
+      {
+        "name": "traefik_tls_entrypoint",
+        "description": "TLS entrypoint",
+        "type": "str",
+        "default": "websecure"
+      },
+      {
+        "name": "traefik_tls_certresolver",
+        "description": "Traefik certificate resolver name",
+        "type": "str",
+        "default": "cloudflare"
+      }
+    ]
+  },
+  {
+    "key": "swarm",
+    "title": "Docker Swarm",
+    "toggle": "swarm_enabled",
+    "needs": ["network_mode=bridge"],
+    "description": "Deploy service in Docker Swarm mode.",
+    "vars": [
+      {
+        "name": "swarm_enabled",
+        "description": "Enable Docker Swarm mode",
+        "type": "bool",
+        "default": false
+      },
+      {
+        "name": "swarm_placement_mode",
+        "description": "Swarm placement mode",
+        "type": "enum",
+        "options": ["replicated", "global"],
+        "default": "replicated"
+      },
+      {
+        "name": "swarm_replicas",
+        "description": "Number of replicas",
+        "type": "int",
+        "default": 1,
+        "needs": ["swarm_placement_mode=replicated"]
+      },
+      {
+        "name": "swarm_placement_host",
+        "description": "Target hostname for placement constraint",
+        "type": "str",
+        "default": "",
+        "optional": true,
+        "needs": ["swarm_placement_mode=replicated"],
+        "extra": "Constrains service to run on specific node by hostname"
+      },
+      {
+        "name": "swarm_volume_mode",
+        "description": "Swarm volume storage backend",
+        "type": "enum",
+        "options": ["local", "mount", "nfs"],
+        "default": "local",
+        "extra": "WARNING: 'local' only works on single-node deployments!"
+      },
+      {
+        "name": "swarm_volume_mount_path",
+        "description": "Host path for bind mount",
+        "type": "str",
+        "default": "/mnt/storage",
+        "needs": ["swarm_volume_mode=mount"],
+        "extra": "Useful for shared/replicated storage"
+      },
+      {
+        "name": "swarm_volume_nfs_server",
+        "description": "NFS server address",
+        "type": "str",
+        "default": "192.168.1.1",
+        "needs": ["swarm_volume_mode=nfs"],
+        "extra": "IP address or hostname of NFS server"
+      },
+      {
+        "name": "swarm_volume_nfs_path",
+        "description": "NFS export path",
+        "type": "str",
+        "default": "/export",
+        "needs": ["swarm_volume_mode=nfs"],
+        "extra": "Path to NFS export on the server"
+      },
+      {
+        "name": "swarm_volume_nfs_options",
+        "description": "NFS mount options",
+        "type": "str",
+        "default": "rw,nolock,soft",
+        "needs": ["swarm_volume_mode=nfs"],
+        "extra": "Comma-separated NFS mount options"
+      }
+    ]
+  },
+  {
+    "key": "database",
+    "title": "Database",
+    "toggle": "database_enabled",
+    "description": "Connect to external database (PostgreSQL or MySQL)",
+    "vars": [
+      {
+        "name": "database_enabled",
+        "description": "Enable external database integration",
+        "type": "bool",
+        "default": false
+      },
+      {
+        "name": "database_type",
+        "description": "Database type",
+        "type": "enum",
+        "options": ["default", "sqlite", "postgres", "mysql"],
+        "default": "default"
+      },
+      {
+        "name": "database_external",
+        "description": "Use an external database server?",
+        "extra": "skips creation of internal database container",
+        "type": "bool",
+        "default": false
+      },
+      {
+        "name": "database_host",
+        "description": "Database host",
+        "type": "str",
+        "default": "database"
+      },
+      {
+        "name": "database_port",
+        "description": "Database port",
+        "type": "int"
+      },
+      {
+        "name": "database_name",
+        "description": "Database name",
+        "type": "str"
+      },
+      {
+        "name": "database_user",
+        "description": "Database user",
+        "type": "str"
+      },
+      {
+        "name": "database_password",
+        "description": "Database password",
+        "type": "str",
+        "default": "",
+        "sensitive": true,
+        "autogenerated": true
+      }
+    ]
+  }
+]

+ 512 - 0
library/schemas/compose/v1.2.json

@@ -0,0 +1,512 @@
+[
+  {
+    "key": "general",
+    "title": "General",
+    "vars": [
+      {
+        "name": "service_name",
+        "description": "Service name",
+        "type": "str",
+        "required": true
+      },
+      {
+        "name": "container_name",
+        "description": "Container name",
+        "type": "str"
+      },
+      {
+        "name": "container_hostname",
+        "description": "Container internal hostname",
+        "type": "str"
+      },
+      {
+        "name": "container_timezone",
+        "description": "Container timezone (e.g., Europe/Berlin)",
+        "type": "str"
+      },
+      {
+        "name": "user_uid",
+        "description": "User UID for container process",
+        "type": "int",
+        "default": 1000
+      },
+      {
+        "name": "user_gid",
+        "description": "User GID for container process",
+        "type": "int",
+        "default": 1000
+      },
+      {
+        "name": "container_loglevel",
+        "description": "Container log level",
+        "type": "enum",
+        "options": ["debug", "info", "warn", "error"]
+      },
+      {
+        "name": "restart_policy",
+        "description": "Container restart policy",
+        "type": "enum",
+        "options": ["unless-stopped", "always", "on-failure", "no"],
+        "default": "unless-stopped",
+        "required": true
+      }
+    ]
+  },
+  {
+    "key": "network",
+    "title": "Network",
+    "vars": [
+      {
+        "name": "network_mode",
+        "description": "Docker network mode",
+        "type": "enum",
+        "options": ["bridge", "host", "macvlan"],
+        "extra": "bridge=default Docker networking, host=use host network stack, macvlan=dedicated MAC address on physical network"
+      },
+      {
+        "name": "network_name",
+        "description": "Docker network name",
+        "type": "str",
+        "default": "bridge",
+        "needs": ["network_mode=bridge,macvlan"],
+        "required": true
+      },
+      {
+        "name": "network_external",
+        "description": "Use existing Docker network (external)",
+        "type": "bool",
+        "default": false,
+        "needs": ["network_mode=bridge,macvlan"]
+      },
+      {
+        "name": "network_macvlan_ipv4_address",
+        "description": "Static IP address for container",
+        "type": "str",
+        "default": "192.168.1.253",
+        "needs": ["network_mode=macvlan"],
+        "required": true
+      },
+      {
+        "name": "network_macvlan_parent_interface",
+        "description": "Host network interface name",
+        "type": "str",
+        "default": "eth0",
+        "needs": ["network_mode=macvlan"],
+        "required": true
+      },
+      {
+        "name": "network_macvlan_subnet",
+        "description": "Network subnet in CIDR notation",
+        "type": "str",
+        "default": "192.168.1.0/24",
+        "needs": ["network_mode=macvlan"],
+        "required": true
+      },
+      {
+        "name": "network_macvlan_gateway",
+        "description": "Network gateway IP address",
+        "type": "str",
+        "default": "192.168.1.1",
+        "needs": ["network_mode=macvlan"],
+        "required": true
+      }
+    ]
+  },
+  {
+    "key": "ports",
+    "title": "Ports",
+    "needs": ["network_mode!=host,macvlan"],
+    "description": "Expose service ports to the host.",
+    "vars": [
+      {
+        "name": "ports_http",
+        "description": "HTTP port on host",
+        "type": "int",
+        "needs": ["traefik_enabled=false"],
+        "default": 8080,
+        "required": true
+      },
+      {
+        "name": "ports_https",
+        "description": "HTTPS port on host",
+        "type": "int",
+        "needs": ["traefik_enabled=false"],
+        "default": 8443,
+        "required": true
+      },
+      {
+        "name": "ports_ssh",
+        "description": "SSH port on host",
+        "type": "int",
+        "default": 22,
+        "required": true
+      },
+      {
+        "name": "ports_dns",
+        "description": "DNS port on host",
+        "type": "int",
+        "default": 53,
+        "required": true
+      },
+      {
+        "name": "ports_dhcp",
+        "description": "DHCP port on host",
+        "type": "int",
+        "default": 67,
+        "required": true
+      },
+      {
+        "name": "ports_smtp",
+        "description": "SMTP port on host",
+        "type": "int",
+        "default": 25,
+        "required": true
+      },
+      {
+        "name": "ports_snmp",
+        "description": "SNMP trap port",
+        "type": "int",
+        "default": 162,
+        "required": true
+      }
+    ]
+  },
+  {
+    "key": "traefik",
+    "title": "Traefik",
+    "toggle": "traefik_enabled",
+    "needs": ["network_mode!=host,macvlan"],
+    "description": "Traefik routes external traffic to your service.",
+    "vars": [
+      {
+        "name": "traefik_enabled",
+        "description": "Enable Traefik reverse proxy integration",
+        "type": "bool",
+        "default": false
+      },
+      {
+        "name": "traefik_network",
+        "description": "Traefik network name",
+        "type": "str",
+        "default": "traefik",
+        "required": true
+      },
+      {
+        "name": "traefik_host",
+        "description": "Service subdomain or full hostname (e.g., 'app' or 'app.example.com')",
+        "type": "str",
+        "required": true
+      },
+      {
+        "name": "traefik_domain",
+        "description": "Base domain (e.g., example.com)",
+        "type": "str",
+        "default": "home.arpa",
+        "required": true
+      }
+    ]
+  },
+  {
+    "key": "traefik_tls",
+    "title": "Traefik TLS/SSL",
+    "toggle": "traefik_tls_enabled",
+    "needs": ["traefik_enabled=true", "network_mode!=host,macvlan"],
+    "description": "Enable HTTPS/TLS for Traefik with certificate management.",
+    "vars": [
+      {
+        "name": "traefik_tls_enabled",
+        "description": "Enable HTTPS/TLS",
+        "type": "bool",
+        "default": true
+      },
+      {
+        "name": "traefik_tls_certresolver",
+        "description": "Traefik certificate resolver name",
+        "type": "str",
+        "default": "cloudflare",
+        "required": true
+      }
+    ]
+  },
+  {
+    "key": "volume",
+    "title": "Volume Storage",
+    "description": "Configure persistent storage for your service.",
+    "vars": [
+      {
+        "name": "volume_mode",
+        "description": "Volume storage backend",
+        "type": "enum",
+        "options": ["local", "mount", "nfs"],
+        "default": "local",
+        "required": true
+      },
+      {
+        "name": "volume_mount_path",
+        "description": "Host path for bind mounts",
+        "type": "str",
+        "default": "/mnt/storage",
+        "needs": ["volume_mode=mount"],
+        "required": true
+      },
+      {
+        "name": "volume_nfs_server",
+        "description": "NFS server address",
+        "type": "str",
+        "default": "192.168.1.1",
+        "needs": ["volume_mode=nfs"],
+        "required": true
+      },
+      {
+        "name": "volume_nfs_path",
+        "description": "NFS export path",
+        "type": "str",
+        "default": "/export",
+        "needs": ["volume_mode=nfs"],
+        "required": true
+      },
+      {
+        "name": "volume_nfs_options",
+        "description": "NFS mount options (comma-separated)",
+        "type": "str",
+        "default": "rw,nolock,soft",
+        "needs": ["volume_mode=nfs"],
+        "required": true
+      }
+    ]
+  },
+  {
+    "key": "resources",
+    "title": "Resource Limits",
+    "toggle": "resources_enabled",
+    "description": "Set CPU and memory limits for the service.",
+    "vars": [
+      {
+        "name": "resources_enabled",
+        "description": "Enable resource limits",
+        "type": "bool",
+        "default": false
+      },
+      {
+        "name": "resources_cpu_limit",
+        "description": "Maximum CPU cores (e.g., 0.5, 1.0, 2.0)",
+        "type": "str",
+        "default": "1.0",
+        "required": true
+      },
+      {
+        "name": "resources_cpu_reservation",
+        "description": "Reserved CPU cores",
+        "type": "str",
+        "default": "0.25",
+        "needs": ["swarm_enabled=true"],
+        "required": true
+      },
+      {
+        "name": "resources_memory_limit",
+        "description": "Maximum memory (e.g., 512M, 1G, 2G)",
+        "type": "str",
+        "default": "1G",
+        "required": true
+      },
+      {
+        "name": "resources_memory_reservation",
+        "description": "Reserved memory",
+        "type": "str",
+        "default": "512M",
+        "needs": ["swarm_enabled=true"],
+        "required": true
+      }
+    ]
+  },
+  {
+    "key": "swarm",
+    "title": "Docker Swarm",
+    "toggle": "swarm_enabled",
+    "needs": ["network_mode!=host,macvlan"],
+    "description": "Deploy service in Docker Swarm mode.",
+    "vars": [
+      {
+        "name": "swarm_enabled",
+        "description": "Enable Docker Swarm mode",
+        "type": "bool",
+        "default": false
+      },
+      {
+        "name": "swarm_placement_mode",
+        "description": "Swarm placement mode",
+        "type": "enum",
+        "options": ["replicated", "global"],
+        "default": "replicated",
+        "required": true
+      },
+      {
+        "name": "swarm_replicas",
+        "description": "Number of replicas",
+        "type": "int",
+        "default": 1,
+        "needs": ["swarm_placement_mode=replicated"],
+        "required": true
+      },
+      {
+        "name": "swarm_placement_host",
+        "description": "Target hostname for placement constraint",
+        "type": "str",
+        "default": "",
+        "needs": ["swarm_placement_mode=replicated"],
+        "extra": "Constrains service to run on specific node by hostname"
+      }
+    ]
+  },
+  {
+    "key": "database",
+    "title": "Database",
+    "toggle": "database_enabled",
+    "description": "Connect to external database (PostgreSQL or MySQL)",
+    "vars": [
+      {
+        "name": "database_enabled",
+        "description": "Enable external database integration",
+        "type": "bool",
+        "default": false
+      },
+      {
+        "name": "database_type",
+        "description": "Database type",
+        "type": "enum",
+        "options": ["sqlite", "postgres", "mysql"],
+        "default": "sqlite",
+        "required": true
+      },
+      {
+        "name": "database_external",
+        "description": "Use an external database server?",
+        "extra": "skips creation of internal database container",
+        "type": "bool",
+        "needs": ["database_type=postgres,mysql"],
+        "default": false
+      },
+      {
+        "name": "database_host",
+        "description": "Database host",
+        "type": "str",
+        "needs": ["database_external=true"],
+        "default": "database",
+        "required": true
+      },
+      {
+        "name": "database_port",
+        "description": "Database port",
+        "type": "int",
+        "required": true
+      },
+      {
+        "name": "database_name",
+        "description": "Database name",
+        "type": "str",
+        "required": true
+      },
+      {
+        "name": "database_user",
+        "description": "Database user",
+        "type": "str",
+        "required": true
+      },
+      {
+        "name": "database_password",
+        "description": "Database password",
+        "type": "str",
+        "default": "",
+        "sensitive": true,
+        "autogenerated": true,
+        "required": true
+      }
+    ]
+  },
+  {
+    "key": "email",
+    "title": "Email Server",
+    "toggle": "email_enabled",
+    "description": "Configure email server for notifications and user management.",
+    "vars": [
+      {
+        "name": "email_enabled",
+        "description": "Enable email server configuration",
+        "type": "bool",
+        "default": false
+      },
+      {
+        "name": "email_host",
+        "description": "SMTP server hostname",
+        "type": "str",
+        "required": true
+      },
+      {
+        "name": "email_port",
+        "description": "SMTP server port",
+        "type": "int",
+        "default": 25,
+        "required": true
+      },
+      {
+        "name": "email_username",
+        "description": "SMTP username",
+        "type": "str",
+        "required": true
+      },
+      {
+        "name": "email_password",
+        "description": "SMTP password",
+        "type": "str",
+        "sensitive": true,
+        "required": true
+      },
+      {
+        "name": "email_from",
+        "description": "From email address",
+        "type": "email",
+        "required": true
+      },
+      {
+        "name": "email_encryption",
+        "description": "Email encryption method to use",
+        "type": "enum",
+        "options": ["none", "starttls", "ssl"]
+      }
+    ]
+  },
+  {
+    "key": "authentik",
+    "title": "Authentik SSO",
+    "toggle": "authentik_enabled",
+    "description": "Integrate with Authentik for Single Sign-On authentication.",
+    "vars": [
+      {
+        "name": "authentik_enabled",
+        "description": "Enable Authentik SSO integration",
+        "type": "bool",
+        "default": false
+      },
+      {
+        "name": "authentik_url",
+        "description": "Authentik base URL (e.g., https://auth.example.com)",
+        "type": "url",
+        "required": true
+      },
+      {
+        "name": "authentik_slug",
+        "description": "Authentik application slug",
+        "type": "str",
+        "required": true
+      },
+      {
+        "name": "authentik_traefik_middleware",
+        "description": "Traefik middleware name for Authentik authentication",
+        "type": "str",
+        "default": "authentik-middleware@file",
+        "needs": ["traefik_enabled=true"],
+        "required": true
+      }
+    ]
+  }
+]
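Review bot: The `ports_*` defaults in the Ports section are host-side ports (`"HTTP port on host"`) yet default to the well-known numbers 22, 53, 67, 25 and 162, so a service rendered with defaults tries to bind port 22 or 53 on a host that is usually already running sshd or a local resolver, and every one of them is a privileged port. Consider non-colliding defaults such as `"default": 2222` for `ports_ssh` and `"default": 5353` for `ports_dns` (sample values), or drop the defaults and keep `required: true` so the operator chooses them. `ports_snmp`'s description `"SNMP trap port"` also omits the "on host" wording the other entries use.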

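--- a/library/schemas/helm/v1.0.json
+++ b/library/schemas/helm/v1.0.json
@@ -0,0 +1,14 @@
+[
+  {
+    "key": "general",
+    "title": "General",
+    "required": true,
+    "vars": [
+      {
+        "name": "playbook_name",
+        "description": "Ansible playbook name",
+        "type": "str"
+      }
+    ]
+  }
+]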
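Review bot: The only variable in this new helm schema is `playbook_name` with the description "Ansible playbook name", which looks like a placeholder copied from the ansible schema rather than a helm-specific definition; the identical 14-line stub is added as library/schemas/kubernetes/v1.0.json and library/schemas/packer/v1.0.json. If these files are meant to stay, rename the variable to match the module type (for helm something like `"name": "chart_name"`, `"description": "Helm chart name"`) and mark it `"required": true` as the script and terraform schemas in this commit do. If they are leftovers of the refactor, dropping them avoids a second schema location that can drift from the one the CLI actually loads.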

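--- a/library/schemas/kubernetes/v1.0.json
+++ b/library/schemas/kubernetes/v1.0.json
@@ -0,0 +1,14 @@
+[
+  {
+    "key": "general",
+    "title": "General",
+    "required": true,
+    "vars": [
+      {
+        "name": "playbook_name",
+        "description": "Ansible playbook name",
+        "type": "str"
+      }
+    ]
+  }
+]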

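--- a/library/schemas/packer/v1.0.json
+++ b/library/schemas/packer/v1.0.json
@@ -0,0 +1,14 @@
+[
+  {
+    "key": "general",
+    "title": "General",
+    "required": true,
+    "vars": [
+      {
+        "name": "playbook_name",
+        "description": "Ansible playbook name",
+        "type": "str"
+      }
+    ]
+  }
+]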

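--- a/library/schemas/script/v1.0.json
+++ b/library/schemas/script/v1.0.json
@@ -0,0 +1,28 @@
+[
+  {
+    "key": "general",
+    "title": "General",
+    "required": true,
+    "vars": [
+      {
+        "name": "script_name",
+        "description": "Script name",
+        "type": "str",
+        "required": true
+      },
+      {
+        "name": "script_type",
+        "description": "Script type/runtime",
+        "type": "enum",
+        "options": ["bash", "python"],
+        "default": "bash",
+        "required": true
+      },
+      {
+        "name": "description",
+        "description": "Script description",
+        "type": "str"
+      }
+    ]
+  }
+]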
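Review bot: `script_name` is a free-form `"type": "str"` with only `"required": true`, so a value containing path separators or `..` passes schema validation; if the name becomes the generated script's file or directory name, that check has to live somewhere. Constrain it at schema level (a pattern such as `^[A-Za-z0-9_.-]+$`, if the schema format supports a pattern field) or note in the description that the template layer validates it. Whether the schema format has such a field cannot be confirmed from this hunk.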

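--- a/library/schemas/terraform/v1.0.json
+++ b/library/schemas/terraform/v1.0.json
@@ -0,0 +1,36 @@
+[
+  {
+    "key": "general",
+    "title": "General",
+    "required": true,
+    "vars": [
+      {
+        "name": "project_name",
+        "description": "Terraform project name",
+        "type": "str",
+        "required": true
+      },
+      {
+        "name": "description",
+        "description": "Project description",
+        "type": "str"
+      }
+    ]
+  },
+  {
+    "key": "providers",
+    "title": "Providers",
+    "description": "Terraform provider configuration",
+    "required": true,
+    "vars": [
+      {
+        "name": "providers",
+        "description": "Required Terraform providers (JSON array of {name, version})",
+        "type": "str",
+        "required": true,
+        "default": "[]",
+        "extra": "JSON array of provider objects, e.g., [{\"name\":\"aws\",\"version\":\"~> 5.0\"}]"
+      }
+    ]
+  }
+]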
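Review bot: `providers` carries structured data as a JSON-encoded `"type": "str"` (`"default": "[]"`), so the schema cannot validate the shape its own description promises and every consuming template has to parse the string itself; a malformed value (trailing comma, misspelled `version` key) passes validation and only fails at render time. If the schema format has a list or object type, declare the provider entries as such with `name` and `version` as typed fields. Otherwise extend `extra` to state which parser the template applies and that the value must be strict JSON rather than HCL, e.g. `"extra": "Strict JSON array of {name, version} objects, parsed by the template; e.g. [{\"name\":\"aws\",\"version\":\"~> 5.0\"}]"`.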